[FREEBSD:D86BECFE-05A4-11EE-9D4A-080027EDA32C] Python -- multiple vulnerabilities
Severity
High
Affected Packages
5
CVEs
7
Python reports:
gh-103142: The version of OpenSSL used in Windows and Mac installers has been upgraded
to 1.1.1u to address CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, as well
as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 fixed previously in 1.1.1t (gh-101727).
gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters
following the specification for URLs defined by WHATWG in response to CVE-2023-24329.
gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory traversal
based on the input if no out_file was specified.
gh-104049: Do not expose the local on-disk location in directory indexes produced by
http.client.SimpleHTTPRequestHandler.
gh-101283: subprocess.Popen now uses a safer approach to find cmd.exe when launching with
shell=True.
gh-103935: trace.__main__ now uses io.open_code() for files to be executed instead of raw open().
gh-102953: The extraction methods in tarfile, and shutil.unpack_archive(), have a new filter
argument that allows limiting tar features than may be surprising or dangerous, such as creating
files outside the destination directory.
gh-102126: Fixed a deadlock at shutdown when clearing thread states if any finalizer tries to
acquire the runtime head lock.
gh-100892: Fixed a crash due to a race while iterating over thread states in clearing
threading.local.
| Package | Affected Version |
|---|---|
 pkg:freebsd/python39
|
< 3.9.17 |
|
pkg:freebsd/python38
|
< 3.8.17 |
|
pkg:freebsd/python37
|
< 3.7.17 |
|
pkg:freebsd/python311
|
< 3.11.4 |
|
pkg:freebsd/python310
|
< 3.10.12 |
- ID
- FREEBSD:D86BECFE-05A4-11EE-9D4A-080027EDA32C
- Severity
- high
- Severity from
- CVE-2022-4303
- URL
- http://vuxml.freebsd.org/freebsd/d86becfe-05a4-11ee-9d4a-080027eda32c.html
- Published
-
2022-06-08T00:00:00
(2 years ago) - Modified
-
2023-06-08T00:00:00
(15 months ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
-
-
ALAS-2023-1683
-
ALAS-2023-1713
-
ALAS-2023-1714
-
ALAS-2023-1762
-
ALAS2-2023-1934
-
ALAS2-2023-1935
-
ALAS2-2023-1980
-
ALAS2-2023-1990
-
ALAS2-2023-2039
-
ALAS2-2023-2073
-
ALAS2-2023-2097
-
ALAS2-2024-2502
-
ALPINE:CVE-2023-0286
-
ALPINE:CVE-2023-0464
-
ALPINE:CVE-2023-0465
-
ALPINE:CVE-2023-0466
-
ALPINE:CVE-2023-2650
-
ALSA-2023:0946
-
ALSA-2023:1405
-
ALSA-2023:2165
-
ALSA-2023:2932
-
ALSA-2023:3585
-
ALSA-2023:3591
-
ALSA-2023:3594
-
ALSA-2023:3595
-
ALSA-2023:3722
-
ALSA-2023:3780
-
ALSA-2023:3781
-
ALSA-2023:3811
-
ALSA-2023:6330
-
DSA-5343-1
-
DSA-5417-1
-
ELSA-2023-0946
-
ELSA-2023-12152
-
ELSA-2023-12205
-
ELSA-2023-12210
-
ELSA-2023-12213
-
ELSA-2023-12297
-
ELSA-2023-12326
-
ELSA-2023-12768
-
ELSA-2023-13024
-
ELSA-2023-13025
-
ELSA-2023-13026
-
ELSA-2023-13027
-
ELSA-2023-1335
-
ELSA-2023-1405
-
ELSA-2023-2165
-
ELSA-2023-2932
-
ELSA-2023-32790
-
ELSA-2023-32791
-
ELSA-2023-3550
-
ELSA-2023-3555
-
ELSA-2023-3556
-
ELSA-2023-3585
-
ELSA-2023-3591
-
ELSA-2023-3594
-
ELSA-2023-3595
-
ELSA-2023-3722
-
ELSA-2023-3780
-
ELSA-2023-3781
-
ELSA-2023-3811
-
ELSA-2023-6330
-
FEDORA-2023-026c8ba371
-
FEDORA-2023-03599274db
-
FEDORA-2023-1092538441
-
FEDORA-2023-2b25dd2a11
-
FEDORA-2023-309cadedc6
-
FEDORA-2023-31888c4781
-
FEDORA-2023-401947eb94
-
FEDORA-2023-406c1c6ed7
-
FEDORA-2023-56cefa23df
-
FEDORA-2023-57f33242bc
-
FEDORA-2023-63c69aa712
-
FEDORA-2023-690e150a39
-
FEDORA-2023-81bb8e3b99
-
FEDORA-2023-953c2607d8
-
FEDORA-2023-964eb00fc6
-
FEDORA-2023-96aa33f0d3
-
FEDORA-2023-994ecd7dbc
-
FEDORA-2023-a5564c0a3f
-
FEDORA-2023-acdfd145f2
-
FEDORA-2023-b3a3df39dd
-
FEDORA-2023-b854908745
-
FEDORA-2023-d294ef140e
-
FEDORA-2023-d8b0003ecd
-
FEDORA-2023-dd526ed2e4
-
FEDORA-2023-e1ffb79ddf
-
FEDORA-2023-e821b64a4c
-
FEDORA-2023-f52390b9d2
-
FREEBSD:1BA034FB-CA38-11ED-B242-D4C9EF517024
-
FREEBSD:22DF5074-71CD-11EE-85EB-84A93843EB75
-
FREEBSD:425B9538-CE5F-11ED-ADE3-D4C9EF517024
-
FREEBSD:648A432C-A71F-11ED-86E9-D4C9EF517024
-
FREEBSD:C1A8ED1C-2814-4260-82AA-9E37C83AAC93
-
FREEBSD:C8EB4C40-47BD-11EE-8E38-002590C1F29C
-
FREEBSD:EB9A3C57-FF9E-11ED-A0D1-84A93843EB75
-
GLSA-202402-08
-
GLSA-202405-01
-
MS:CVE-2023-0465
-
MS:CVE-2023-0466
-
MS:CVE-2023-2650
-
RHSA-2023:0946
-
RHSA-2023:1335
-
RHSA-2023:1405
-
RHSA-2023:2165
-
RHSA-2023:2932
-
RHSA-2023:3555
-
RHSA-2023:3556
-
RHSA-2023:3585
-
RHSA-2023:3591
-
RHSA-2023:3594
-
RHSA-2023:3595
-
RHSA-2023:3722
-
RHSA-2023:3780
-
RHSA-2023:3781
-
RHSA-2023:3811
-
RHSA-2023:6330
-
RLSA-2023:0946
-
RLSA-2023:1405
-
RLSA-2023:3585
-
RLSA-2023:3591
-
RLSA-2023:3594
-
RLSA-2023:3595
-
RUSTSEC-2023-0006
-
SSA:2023-038-01
-
SSA:2023-150-01
-
SSA:2023-159-03
-
SUSE-SU-2023:0305-1
-
SUSE-SU-2023:0305-2
-
SUSE-SU-2023:0306-1
-
SUSE-SU-2023:0307-1
-
SUSE-SU-2023:0308-1
-
SUSE-SU-2023:0309-1
-
SUSE-SU-2023:0310-1
-
SUSE-SU-2023:0311-1
-
SUSE-SU-2023:0312-1
-
SUSE-SU-2023:0482-1
-
SUSE-SU-2023:0662-1
-
SUSE-SU-2023:0663-1
-
SUSE-SU-2023:0684-1
-
SUSE-SU-2023:0707-1
-
SUSE-SU-2023:0724-1
-
SUSE-SU-2023:0736-1
-
SUSE-SU-2023:0748-1
-
SUSE-SU-2023:0868-1
-
SUSE-SU-2023:0868-2
-
SUSE-SU-2023:1703-1
-
SUSE-SU-2023:1704-1
-
SUSE-SU-2023:1737-1
-
SUSE-SU-2023:1738-1
-
SUSE-SU-2023:1745-1
-
SUSE-SU-2023:1746-1
-
SUSE-SU-2023:1747-1
-
SUSE-SU-2023:1748-1
-
SUSE-SU-2023:1754-1
-
SUSE-SU-2023:1764-1
-
SUSE-SU-2023:1790-1
-
SUSE-SU-2023:1794-1
-
SUSE-SU-2023:1898-1
-
SUSE-SU-2023:1907-1
-
SUSE-SU-2023:1908-1
-
SUSE-SU-2023:1911-1
-
SUSE-SU-2023:1912-1
-
SUSE-SU-2023:1914-1
-
SUSE-SU-2023:1922-1
-
SUSE-SU-2023:1926-1
-
SUSE-SU-2023:1960-1
-
SUSE-SU-2023:2327-1
-
SUSE-SU-2023:2328-1
-
SUSE-SU-2023:2329-1
-
SUSE-SU-2023:2330-1
-
SUSE-SU-2023:2331-1
-
SUSE-SU-2023:2332-1
-
SUSE-SU-2023:2342-1
-
SUSE-SU-2023:2343-1
-
SUSE-SU-2023:2469-1
-
SUSE-SU-2023:2470-1
-
SUSE-SU-2023:2471-1
-
SUSE-SU-2023:2620-1
-
SUSE-SU-2023:2639-1
-
SUSE-SU-2023:2884-1
-
SUSE-SU-2023:2937-1
-
SUSE-SU-2023:2957-1
-
USN-5844-1
-
USN-5845-1
-
USN-5845-2
-
USN-5888-1
-
USN-5960-1
-
USN-6039-1
-
USN-6119-1
-
USN-6139-1
-
USN-6188-1
-
USN-6564-1
-
USN-6672-1
-
USN-6891-1
-
VU:127587
-
| Source | # ID | Name | URL |
|---|---|---|---|
| FreeBSD VuXML |
 https://pythoninsider.blogspot.com/2023/06/python-3114-31012-3917-3817-3717-and.html
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:freebsd/python39 |
python39
|
< 3.9.17 | ||||
| Affected | pkg:freebsd/python38 |
python38
|
< 3.8.17 | ||||
| Affected | pkg:freebsd/python37 |
python37
|
< 3.7.17 | ||||
| Affected | pkg:freebsd/python311 |
python311
|
< 3.11.4 | ||||
| Affected | pkg:freebsd/python310 |
python310
|
< 3.10.12 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |