Bug 273363

Summary: devel/py-joblib: upgrade to 1.3.2 and fixes CVE-2022-21797
Product: Ports & Packages
Reporter: Thierry Thomas <thierry>
Component: Individual Port(s)
Assignee: Steven Kreuzer <skreuzer>
Status: Closed FIXED
Severity: Affects Some People
CC: thierry
Priority: ---
Keywords: security
Version: Latest
Flags: bugzilla: maintainer-feedback? (skreuzer)
Hardware: Any
OS: Any
URL: https://github.com/joblib/joblib/releases
Attachments:
Description: Upgrade to 1.3.2 and fixes CVE-2022-21797
Flags: none

Description Thierry Thomas freebsd_committer freebsd_triage 2023-08-26 15:07:52 UTC
Created attachment 244361
Upgrade to 1.3.2 and fixes CVE-2022-21797

Release notes available at <https://github.com/joblib/joblib/releases>.

Remark: devel/py-threadpoolctl is not listed as a RUN dependency, but several tests fail without it.

Comment 1 Steven Kreuzer freebsd_committer freebsd_triage 2023-08-27 14:07:25 UTC
Thanks Thierry. Please feel free to commit this change

Comment 2 commit-hook freebsd_committer freebsd_triage 2023-08-28 19:44:54 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=8d1d87e5ef24394f6336a5f8746a11962f1e4e9f

commit 8d1d87e5ef24394f6336a5f8746a11962f1e4e9f
Author:     Thierry Thomas <thierry@FreeBSD.org>
AuthorDate: 2023-08-26 14:58:19 +0000
Commit:     Thierry Thomas <thierry@FreeBSD.org>
CommitDate: 2023-08-28 19:42:48 +0000

    devel/py-joblib: upgrade to 1.3.2

    This solves CVE-2022-21797.

    Releases notes available at <https://github.com/joblib/joblib/releases>.

    Remark: devel/py-threadpoolctl is not listed as a RUN dependency, but
    several tests fail without it.

    Security:       CVE-2022-21797

    PR:             273363
    Approved by:    skreuzer (maintainer)

 devel/py-joblib/Makefile | 22 ++++++++--------------
 devel/py-joblib/distinfo |  6 +++---
 2 files changed, 11 insertions(+), 17 deletions(-)

Comment 3 Thierry Thomas freebsd_committer freebsd_triage 2023-08-28 19:45:24 UTC
Committed, thanks!

Comment 4 commit-hook freebsd_committer freebsd_triage 2023-08-29 17:38:12 UTC
A commit in branch 2023Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=2d846a68cd3cae2146da461006dd1297afb3c54c

commit 2d846a68cd3cae2146da461006dd1297afb3c54c
Author:     Thierry Thomas <thierry@FreeBSD.org>
AuthorDate: 2023-08-26 14:58:19 +0000
Commit:     Thierry Thomas <thierry@FreeBSD.org>
CommitDate: 2023-08-29 17:36:09 +0000

    devel/py-joblib: upgrade to 1.3.2

    This solves CVE-2022-21797.

    Releases notes available at <https://github.com/joblib/joblib/releases>.

    Remark: devel/py-threadpoolctl is not listed as a RUN dependency, but
    several tests fail without it.

    Security:       CVE-2022-21797

    PR:             273363
    Approved by:    skreuzer (maintainer)

    (cherry picked from commit 8d1d87e5ef24394f6336a5f8746a11962f1e4e9f)

 devel/py-joblib/Makefile | 22 ++++++++--------------
 devel/py-joblib/distinfo |  6 +++---
 2 files changed, 11 insertions(+), 17 deletions(-)