FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Python -- multiple vulnerabilities

Affected packages
python38 < 3.8.18
python39 < 3.9.18
python310 < 3.10.13
python311 < 3.11.5

Details

VuXML ID a57472ba-4d84-11ee-bf05-000c29de725b
Discovery 2023-08-22
Entry 2023-09-07

Python reports:

gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data.

[source]

References

CVE Name CVE-2023-40217
URL https://pythoninsider.blogspot.com/2023/08/python-3115-31013-3918-and-3818-is-now.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.