Bug 265082

Summary:	devel/ipython: 7.31.1 was a security release but not marked or merged (CVE-2022-21699)
Product:	Ports & Packages	Reporter:	Kubilay Kocak <koobs>
Component:	Individual Port(s)	Assignee:	Danilo G. Baio <dbaio>
Status:	Closed FIXED
Severity:	Affects Many People	CC:	dbaio, grahamperrin, ports-secteam, sunpoet
Priority:	---	Keywords:	needs-patch, needs-qa, security
Version:	Latest	Flags:	sunpoet: maintainer-feedback- dbaio: maintainer-feedback+
Hardware:	Any
OS:	Any
URL:	https://github.com/ipython/ipython/blob/7.31.1/docs/source/whatsnew/version7.rst
Bug Depends on:
Bug Blocks:	265076

Description Kubilay Kocak freebsd_committer

2022-07-08 01:48:36 UTC

devel/ipython was updated from 7.29.0 to 7.32.0 in ports 3675d8a989eb but security/vuxml entries don't appear to have been created and the update doesnt appear to have been merged to quarterly at the time.

This issue is to create a security/vuxml entry for the security vulnerability, and to merge the latest 7.* port version updates (all bugfix releases) to quarterly, before updating devel/ipython to the 8.x series in bug 265076

Comment 1 Po-Chuan Hsieh freebsd_committer

2022-07-11 14:26:58 UTC

7.34.0 (latest 7.x) was committed in Q2 [1] and it's Q3 now. That means it's already in quarterly branch [2].

[1] https://cgit.freebsd.org/ports/commit/?id=d2e3a4375eddb18c240f74da550d3a3c75303031
[2] https://cgit.freebsd.org/ports/log/devel/ipython?h=2022Q3

Comment 2 commit-hook freebsd_committer

2022-11-12 13:45:04 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=c1b89a9971573c47a5a001488001ce928cd9340a

commit c1b89a9971573c47a5a001488001ce928cd9340a
Author:     Danilo G. Baio <dbaio@FreeBSD.org>
AuthorDate: 2022-11-12 13:41:22 +0000
Commit:     Danilo G. Baio <dbaio@FreeBSD.org>
CommitDate: 2022-11-12 13:43:56 +0000

    security/vuxml: Add devel/ipython issue

    PR:             265082

 security/vuxml/vuln-2022.xml | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)