Lucene search

K
freebsdFreeBSD032643D7-0BA7-11EC-A689-080027E50E6D
HistoryAug 30, 2021 - 12:00 a.m.

Python -- multiple vulnerabilities

2021-08-3000:00:00
vuxml.freebsd.org
20

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.005

Percentile

76.9%

Python reports:

bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid
a potential race condition.
bpo-41180: Add auditing events to the marshal module, and stop raising
code.init events for every unmarshalled code object. Directly instantiated
code objects will continue to raise an event, and audit event handlers should
inspect or collect the raw marshal data. This reduces a significant performance
overhead when loading from .pyc files.
bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the
fix for the CVE-2013-0340 β€œBillion Laughs” vulnerability. This copy is most used
on Windows and macOS.
bpo-43124: Made the internal putcmd function in smtplib sanitize input for
presence of \r and \n characters to avoid (unlikely) command injection.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchpython39<Β 3.9.7UNKNOWN

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.005

Percentile

76.9%