https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=296149

            Bug ID: 296149
           Summary: lang/python311: 3.11.15_4 open vulnerabilities after
                    patching a few CVEs
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: [email protected]
          Reporter: [email protected]
             Flags: maintainer-feedback?([email protected])
          Assignee: [email protected]

# pkg audit -F
vulnxml file up-to-date
python311-3.11.15_4 is vulnerable:
  Python -- poplib module, when passed a user-controlled command, can have
additional commands injected using newlines
  CVE: CVE-2025-15367
  WWW:
https://vuxml.FreeBSD.org/freebsd/6d3488ae-2e0f-11f1-88c7-00a098b42aeb.html

  Python -- imaplib module, when passed a user-controlled command, can have
additional commands injected using newlines
  CVE: CVE-2025-15366
  WWW:
https://vuxml.FreeBSD.org/freebsd/0be929a5-2e0f-11f1-88c7-00a098b42aeb.html

  Python -- configparser vulnerable to excessive CPU use
  WWW:
https://vuxml.FreeBSD.org/freebsd/5ec4dcf6-3588-11f1-b51c-6dd25bec137b.html

  Python -- HTTP proxy CONNECT tunnel does not sanitize CR/LF
  CVE: CVE-2026-1502
  WWW:
https://vuxml.FreeBSD.org/freebsd/30bda1c3-369b-11f1-b51c-6dd25bec137b.html

4 problem(s) in 1 package(s) found.

-- 
You are receiving this mail because:
You are the assignee for the bug.

Reply via email to