FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Python -- multiple vulnerabilities

Affected packages
python36 < 3.6.15
python37 < 3.7.12

Details

VuXML ID 0e561173-0fa9-11ec-a2fa-080027948c12
Discovery 2021-08-30
Entry 2021-09-07

Python reports:

bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy is most used on Windows and macOS.

bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection.
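A check for whether a given interpreter carries both fixes, as an added example that is not part of the VuXML entry or of Python's own code. The function names are hypothetical; the version thresholds are the ones listed on this page, and the smtplib probe assumes an unpatched `putcmd` passes its input straight to `send()`, which fails on an unconnected client.

```python
import pyexpat
import re
import smtplib
import sys

FIXED_EXPAT = (2, 4, 1)  # libexpat version named in bpo-44394
# Fixed releases per branch, taken from "Affected packages" above.
FIXED_PYTHON = {(3, 6): (3, 6, 15), (3, 7): (3, 7, 12)}


def parse_expat_version(text):
    """Turn pyexpat.EXPAT_VERSION (e.g. 'expat_2.4.1') into a tuple of ints."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"unrecognised expat version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def expat_is_fixed(version_text=pyexpat.EXPAT_VERSION):
    """True if the expat this interpreter is linked against is >= 2.4.1."""
    return parse_expat_version(version_text) >= FIXED_EXPAT


def smtplib_rejects_crlf():
    """True if putcmd refuses CR/LF before anything reaches a socket."""
    # No host is given, so no connection is opened and nothing is sent.
    client = smtplib.SMTP(local_hostname="localhost")
    try:
        client.putcmd("NOOP", "constructed\r\nvalue")  # constructed input
    except ValueError:
        return True   # patched: input is validated first
    except smtplib.SMTPServerDisconnected:
        return False  # unpatched: went straight to send()
    return False


def interpreter_is_affected(version=sys.version_info[:3]):
    """True if this is a 3.6/3.7 interpreter older than the fixed release."""
    fixed = FIXED_PYTHON.get(tuple(version[:2]))
    return fixed is not None and tuple(version) < fixed


if __name__ == "__main__":
    print("python affected by this entry:", interpreter_is_affected())
    print("linked expat:", pyexpat.EXPAT_VERSION, "fixed:", expat_is_fixed())
    print("smtplib rejects CR/LF:", smtplib_rejects_crlf())
```

The expat check reports whichever library the interpreter was built against, which may be a system libexpat rather than the vendored copy.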

References

URL https://docs.python.org/3.6/whatsnew/changelog.html#changelog
URL https://docs.python.org/3.7/whatsnew/changelog.html#changelog