[FREEBSD:D86BECFE-05A4-11EE-9D4A-080027EDA32C] Python -- multiple vulnerabilities
Severity: High
Affected Packages: 5
CVEs: 7
Python reports:

- gh-103142: The version of OpenSSL used in Windows and Mac installers has been upgraded to 1.1.1u to address CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 fixed previously in 1.1.1t (gh-101727).
- gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329.
- gh-99889: Fixed a security flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified.
- gh-104049: Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler.
- gh-101283: subprocess.Popen now uses a safer approach to find cmd.exe when launching with shell=True.
- gh-103935: trace.__main__ now uses io.open_code() for files to be executed instead of raw open().
- gh-102953: The extraction methods in tarfile, and shutil.unpack_archive(), have a new filter argument that allows limiting tar features that may be surprising or dangerous, such as creating files outside the destination directory.
- gh-102126: Fixed a deadlock at shutdown when clearing thread states if any finalizer tries to acquire the runtime head lock.
- gh-100892: Fixed a crash due to a race while iterating over thread states in clearing threading.local.
Package | Affected Version |
---|---|
pkg:freebsd/python39 | < 3.9.17 |
pkg:freebsd/python38 | < 3.8.17 |
pkg:freebsd/python37 | < 3.7.17 |
pkg:freebsd/python311 | < 3.11.4 |
pkg:freebsd/python310 | < 3.10.12 |
- ID: FREEBSD:D86BECFE-05A4-11EE-9D4A-080027EDA32C
- Severity: high
- Severity from: CVE-2022-4303
- URL: http://vuxml.freebsd.org/freebsd/d86becfe-05a4-11ee-9d4a-080027eda32c.html
- Published: 2022-06-08T00:00:00
- Modified: 2023-06-08T00:00:00
- Rights: FreeBSD VuXML Security Team
- Other Advisories:
- ALAS-2023-1683
- ALAS-2023-1713
- ALAS-2023-1714
- ALAS-2023-1762
- ALAS2-2023-1934
- ALAS2-2023-1935
- ALAS2-2023-1980
- ALAS2-2023-1990
- ALAS2-2023-2039
- ALAS2-2023-2073
- ALAS2-2023-2097
- ALAS2-2024-2502
- ALPINE:CVE-2023-0286
- ALPINE:CVE-2023-0464
- ALPINE:CVE-2023-0465
- ALPINE:CVE-2023-0466
- ALPINE:CVE-2023-2650
- ALSA-2023:0946
- ALSA-2023:1405
- ALSA-2023:2165
- ALSA-2023:2932
- ALSA-2023:3585
- ALSA-2023:3591
- ALSA-2023:3594
- ALSA-2023:3595
- ALSA-2023:3722
- ALSA-2023:3780
- ALSA-2023:3781
- ALSA-2023:3811
- ALSA-2023:6330
- DSA-5343-1
- DSA-5417-1
- ELSA-2023-0946
- ELSA-2023-12152
- ELSA-2023-12205
- ELSA-2023-12210
- ELSA-2023-12213
- ELSA-2023-12297
- ELSA-2023-12326
- ELSA-2023-12768
- ELSA-2023-13024
- ELSA-2023-13025
- ELSA-2023-13026
- ELSA-2023-13027
- ELSA-2023-1335
- ELSA-2023-1405
- ELSA-2023-2165
- ELSA-2023-2932
- ELSA-2023-32790
- ELSA-2023-32791
- ELSA-2023-3550
- ELSA-2023-3555
- ELSA-2023-3556
- ELSA-2023-3585
- ELSA-2023-3591
- ELSA-2023-3594
- ELSA-2023-3595
- ELSA-2023-3722
- ELSA-2023-3780
- ELSA-2023-3781
- ELSA-2023-3811
- ELSA-2023-6330
- FEDORA-2023-026c8ba371
- FEDORA-2023-03599274db
- FEDORA-2023-1092538441
- FEDORA-2023-2b25dd2a11
- FEDORA-2023-309cadedc6
- FEDORA-2023-31888c4781
- FEDORA-2023-401947eb94
- FEDORA-2023-406c1c6ed7
- FEDORA-2023-56cefa23df
- FEDORA-2023-57f33242bc
- FEDORA-2023-63c69aa712
- FEDORA-2023-690e150a39
- FEDORA-2023-81bb8e3b99
- FEDORA-2023-953c2607d8
- FEDORA-2023-964eb00fc6
- FEDORA-2023-96aa33f0d3
- FEDORA-2023-994ecd7dbc
- FEDORA-2023-a5564c0a3f
- FEDORA-2023-acdfd145f2
- FEDORA-2023-b3a3df39dd
- FEDORA-2023-b854908745
- FEDORA-2023-d294ef140e
- FEDORA-2023-d8b0003ecd
- FEDORA-2023-dd526ed2e4
- FEDORA-2023-e1ffb79ddf
- FEDORA-2023-e821b64a4c
- FEDORA-2023-f52390b9d2
- FREEBSD:1BA034FB-CA38-11ED-B242-D4C9EF517024
- FREEBSD:22DF5074-71CD-11EE-85EB-84A93843EB75
- FREEBSD:425B9538-CE5F-11ED-ADE3-D4C9EF517024
- FREEBSD:648A432C-A71F-11ED-86E9-D4C9EF517024
- FREEBSD:C1A8ED1C-2814-4260-82AA-9E37C83AAC93
- FREEBSD:C8EB4C40-47BD-11EE-8E38-002590C1F29C
- FREEBSD:EB9A3C57-FF9E-11ED-A0D1-84A93843EB75
- GLSA-202402-08
- GLSA-202405-01
- MS:CVE-2023-0465
- MS:CVE-2023-0466
- MS:CVE-2023-2650
- RHSA-2023:0946
- RHSA-2023:1335
- RHSA-2023:1405
- RHSA-2023:2165
- RHSA-2023:2932
- RHSA-2023:3555
- RHSA-2023:3556
- RHSA-2023:3585
- RHSA-2023:3591
- RHSA-2023:3594
- RHSA-2023:3595
- RHSA-2023:3722
- RHSA-2023:3780
- RHSA-2023:3781
- RHSA-2023:3811
- RHSA-2023:6330
- RLSA-2023:0946
- RLSA-2023:1405
- RLSA-2023:3585
- RLSA-2023:3591
- RLSA-2023:3594
- RLSA-2023:3595
- RUSTSEC-2023-0006
- SSA:2023-038-01
- SSA:2023-150-01
- SSA:2023-159-03
- SUSE-SU-2023:0305-1
- SUSE-SU-2023:0305-2
- SUSE-SU-2023:0306-1
- SUSE-SU-2023:0307-1
- SUSE-SU-2023:0308-1
- SUSE-SU-2023:0309-1
- SUSE-SU-2023:0310-1
- SUSE-SU-2023:0311-1
- SUSE-SU-2023:0312-1
- SUSE-SU-2023:0482-1
- SUSE-SU-2023:0662-1
- SUSE-SU-2023:0663-1
- SUSE-SU-2023:0684-1
- SUSE-SU-2023:0707-1
- SUSE-SU-2023:0724-1
- SUSE-SU-2023:0736-1
- SUSE-SU-2023:0748-1
- SUSE-SU-2023:0868-1
- SUSE-SU-2023:0868-2
- SUSE-SU-2023:1703-1
- SUSE-SU-2023:1704-1
- SUSE-SU-2023:1737-1
- SUSE-SU-2023:1738-1
- SUSE-SU-2023:1745-1
- SUSE-SU-2023:1746-1
- SUSE-SU-2023:1747-1
- SUSE-SU-2023:1748-1
- SUSE-SU-2023:1754-1
- SUSE-SU-2023:1764-1
- SUSE-SU-2023:1790-1
- SUSE-SU-2023:1794-1
- SUSE-SU-2023:1898-1
- SUSE-SU-2023:1907-1
- SUSE-SU-2023:1908-1
- SUSE-SU-2023:1911-1
- SUSE-SU-2023:1912-1
- SUSE-SU-2023:1914-1
- SUSE-SU-2023:1922-1
- SUSE-SU-2023:1926-1
- SUSE-SU-2023:1960-1
- SUSE-SU-2023:2327-1
- SUSE-SU-2023:2328-1
- SUSE-SU-2023:2329-1
- SUSE-SU-2023:2330-1
- SUSE-SU-2023:2331-1
- SUSE-SU-2023:2332-1
- SUSE-SU-2023:2342-1
- SUSE-SU-2023:2343-1
- SUSE-SU-2023:2469-1
- SUSE-SU-2023:2470-1
- SUSE-SU-2023:2471-1
- SUSE-SU-2023:2620-1
- SUSE-SU-2023:2639-1
- SUSE-SU-2023:2884-1
- SUSE-SU-2023:2937-1
- SUSE-SU-2023:2957-1
- USN-5844-1
- USN-5845-1
- USN-5845-2
- USN-5888-1
- USN-5960-1
- USN-6039-1
- USN-6119-1
- USN-6139-1
- USN-6188-1
- USN-6564-1
- USN-6672-1
- USN-6891-1
- VU:127587
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | | | https://pythoninsider.blogspot.com/2023/06/python-3114-31012-3917-3817-3717-and.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/python39 | | python39 | < 3.9.17 | | | |
Affected | pkg:freebsd/python38 | | python38 | < 3.8.17 | | | |
Affected | pkg:freebsd/python37 | | python37 | < 3.7.17 | | | |
Affected | pkg:freebsd/python311 | | python311 | < 3.11.4 | | | |
Affected | pkg:freebsd/python310 | | python310 | < 3.10.12 | | | |