FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Python -- multiple vulnerabilities

Affected packages
python37 < 3.7.14
python38 < 3.8.14
python39 < 3.9.14
python310 < 3.10.7

Details

VuXML ID 80e057e7-2f0a-11ed-978f-fcaa147e860e
Discovery 2020-03-20
Entry 2022-09-08

Python reports:

gh-95778: Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity.

gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. Vulnerability discovered, and initial fix proposed, by Hamza Avvan.

[source]

References

CVE Name CVE-2020-10735
URL https://docs.python.org/release/3.7.14/whatsnew/changelog.html#changelog

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.