FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

python 3.7 -- multiple vulnerabilities

Affected packages
python37 < 3.7.5

Details

VuXML ID 9b7491fb-f253-11e9-a50c-000c29c4dc65
Discovery 2019-09-14
Entry 2019-10-19

Python changelog:

bpo-38243: Escape the server title of xmlrpc.server.DocXMLRPCServer when rendering the document page as HTML.

bpo-38174: Update vendorized expat library version to 2.2.8, which resolves CVE-2019-15903.

bpo-37764: Fixes email._header_value_parser.get_unstructured going into an infinite loop for a specific case in which the email header does not have trailing whitespace, and the case in which it contains an invalid encoded word.

bpo-37461: Fix an infinite loop when parsing specially crafted email headers.

bpo-34155: Fix parsing of invalid email addresses with more than one @ (e.g. a@b@c.com.) to not return the part before 2nd @ as valid email address.
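The bpo-34155 behaviour can be checked on a given interpreter, and guarded against in application code that still has to run on an unpatched python37. The following is an added example, not code from the Python changelog or from FreeBSD; the helper names `unquoted_at_count`, `strict_parseaddr` and `runtime_has_bpo_34155_fix` are assumptions made for illustration, and the sample address is the one quoted in the changelog entry.

```python
from email.utils import parseaddr

# Malformed address quoted in the bpo-34155 changelog entry.
SAMPLE = "a@b@c.com"


def unquoted_at_count(value: str) -> int:
    """Count '@' characters that sit outside double-quoted strings."""
    count, in_quotes, escaped = 0, False, False
    for ch in value:
        if escaped:
            escaped = False          # character after a backslash is literal
        elif ch == "\\" and in_quotes:
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == "@" and not in_quotes:
            count += 1
    return count


def strict_parseaddr(value: str):
    """parseaddr() wrapper: ('', '') unless exactly one unquoted '@' is present.

    Conservative by design: a value carrying an '@' inside an RFC 5322
    comment, e.g. "(x@y) a@b.com", is also rejected.
    """
    if unquoted_at_count(value) != 1:
        return ("", "")
    name, addr = parseaddr(value)
    local, _, domain = addr.rpartition("@")
    if not local or not domain:
        return ("", "")
    return (name, addr)


def runtime_has_bpo_34155_fix() -> bool:
    """False if this interpreter still returns the part before the 2nd '@'."""
    return parseaddr(SAMPLE)[1] != "a@b"


if __name__ == "__main__":
    print("bpo-34155 fixed in this runtime:", runtime_has_bpo_34155_fix())
    for candidate in (SAMPLE, "Alice <alice@example.org>", '"a@b"@c.com'):
        print(repr(candidate), "->", strict_parseaddr(candidate))
```
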

References

CVE Name CVE-2019-15903
URL https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-5-final