FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Python -- multiple vulnerabilities

Affected packages
python37 < 3.7.9
python36 < 3.6.12

Details

VuXML ID 3fcb70a4-e22d-11ea-98b2-080027846a02
Discovery 2020-06-17
Entry 2020-08-19

Python reports:

bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded (CVE-2020-15523).

bpo-41004: CVE-2020-14422: The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address).

bpo-39603: Prevent http header injection by rejecting control characters in http.client.putrequest(...).
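A check for whether a given interpreter still shows the ipaddress hash and putrequest() behaviour described above, as an added example that is not part of the advisory or of CPython. The addresses are constructed from documentation ranges, legacy_hash() is an assumed reconstruction of the pre-fix formula, and described_fix_hash() follows the advisory's wording of the fix.

```python
import http.client
import ipaddress

# Constructed sample: distinct host interfaces from documentation ranges.
V4 = [ipaddress.IPv4Interface(f"192.0.2.{i}") for i in range(1, 51)]
V6 = [ipaddress.IPv6Interface(f"2001:db8::{i:x}") for i in range(1, 51)]


def legacy_hash(iface):
    """Assumed reconstruction of the pre-fix XOR-based hash (not on the page)."""
    net = iface.network
    return int(iface.ip) ^ net.prefixlen ^ int(net.network_address)


def described_fix_hash(iface):
    """hash() of (address, mask length, network address), per the advisory."""
    net = iface.network
    return hash((int(iface.ip), net.prefixlen, int(net.network_address)))


def interface_hash_is_constant(ifaces):
    """True if this interpreter maps all the distinct interfaces to one hash."""
    return len({hash(i) for i in ifaces}) == 1


def putrequest_rejects_control_chars():
    """True if putrequest() refuses a method containing CR/LF (bpo-39603)."""
    # putrequest() only buffers the request line; no connection is opened.
    conn = http.client.HTTPConnection("localhost")
    try:
        conn.putrequest("GET\r\nX-Test: 1", "/")
    except ValueError:
        return True
    return False


def audit():
    """Map each finding to True when this interpreter is still affected."""
    return {
        "CVE-2020-14422 IPv4Interface hash": interface_hash_is_constant(V4),
        "CVE-2020-14422 IPv6Interface hash": interface_hash_is_constant(V6),
        "bpo-39603 putrequest validation": not putrequest_rejects_control_chars(),
    }


if __name__ == "__main__":
    for finding, affected in audit().items():
        print(f"{finding}: {'AFFECTED' if affected else 'ok'}")
```

Run it with each interpreter you need to assess (for example the python36 and python37 packages listed above); any line reporting AFFECTED means that interpreter predates the fix.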

References

CVE Name CVE-2020-14422
CVE Name CVE-2020-15523
URL https://docs.python.org/release/3.6.12/whatsnew/changelog.html#changelog
URL https://docs.python.org/release/3.7.9/whatsnew/changelog.html#changelog