Bug 246738 - lang/python36: Update to 3.6.11
Summary: lang/python36: Update to 3.6.11
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Danilo G. Baio
URL:
Keywords: needs-patch, security
Depends on: 245819
Blocks:
  Show dependency treegraph
 
Reported: 2020-05-26 06:51 UTC by Janos Mohacsi
Modified: 2020-06-13 14:14 UTC (History)
5 users (show)

See Also:
koobs: maintainer-feedback? (python)
joneum: merge-quarterly+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Janos Mohacsi 2020-05-26 06:51:32 UTC
python36 is not updated to 3.6.11 while it is vulnerable.
https://vuxml.freebsd.org/freebsd/a27b0bb6-84fc-11ea-b5b4-641c67a117d8.html
Are you planning to update it?
Comment 1 Jochen Neumeister freebsd_committer 2020-05-26 08:50:29 UTC
set + for MFH as a part of ports-secteam
Comment 2 Dani 2020-06-08 09:40:12 UTC
3.6.11 hasn't yet been released. Please see: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246984
Comment 3 commit-hook freebsd_committer 2020-06-13 14:08:56 UTC
A commit references this bug:

Author: dbaio
Date: Sat Jun 13 14:08:04 UTC 2020
New revision: 538674
URL: https://svnweb.freebsd.org/changeset/ports/538674

Log:
  security/vuxml: Update CVE-2019-18348 and CVE-2020-8492 entries

  Python 3.6 and 3.7 are not vulnerable in the ports tree anymore.
  Change range for python35 to <le>, suggested by swills.

  PR:		246984, 246738

Changes:
  head/security/vuxml/vuln.xml
Comment 4 Danilo G. Baio freebsd_committer 2020-06-13 14:14:12 UTC
Python 3.6 has been updated to 3.6.10 with security fixes that will be present on the 3.6.11 version. Vuxml alert was cleared.
And closing this as we don't have Python 3.6.11 yet.