https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294246
--- Comment #18 from ish <[email protected]> --- Why this thread was closed ? I use python311 and python314 and the following state is unchanged yet. # pkg audit python311-3.11.15_2 is vulnerable: Python -- use-after-free vulnerability in decompressors under memory pressure CVE: CVE-2026-6100 WWW: https://vuxml.FreeBSD.org/freebsd/b8e9f33c-375d-11f1-a119-e36228bfe7d4.html Python -- HTTP proxy CONNECT tunnel does not sanitize CR/LF CVE: CVE-2026-1502 WWW: https://vuxml.FreeBSD.org/freebsd/30bda1c3-369b-11f1-b51c-6dd25bec137b.html python -- more webbrowser.open() command injection vulnerabilities CVE: CVE-2026-4786 WWW: https://vuxml.FreeBSD.org/freebsd/cf75f572-378a-11f1-a119-e36228bfe7d4.html Python -- configparser vulnerable to excessive CPU use WWW: https://vuxml.FreeBSD.org/freebsd/5ec4dcf6-3588-11f1-b51c-6dd25bec137b.html Python -- poplib module, when passed a user-controlled command, can have additional commands injected using newlines CVE: CVE-2025-15367 WWW: https://vuxml.FreeBSD.org/freebsd/6d3488ae-2e0f-11f1-88c7-00a098b42aeb.html Python -- imaplib module, when passed a user-controlled command, can have additional commands injected using newlines CVE: CVE-2025-15366 WWW: https://vuxml.FreeBSD.org/freebsd/0be929a5-2e0f-11f1-88c7-00a098b42aeb.html python314-3.14.4_2 is vulnerable: Python -- imaplib module, when passed a user-controlled command, can have additional commands injected using newlines CVE: CVE-2025-15366 WWW: https://vuxml.FreeBSD.org/freebsd/0be929a5-2e0f-11f1-88c7-00a098b42aeb.html Python -- poplib module, when passed a user-controlled command, can have additional commands injected using newlines CVE: CVE-2025-15367 WWW: https://vuxml.FreeBSD.org/freebsd/6d3488ae-2e0f-11f1-88c7-00a098b42aeb.html 8 problem(s) in 2 package(s) found. -- You are receiving this mail because: You are the assignee for the bug.
