[Bug 294486] lang/python314: needs fix for CVE-2026-6100 use-after-free in decompressors when reusing instances after MemoryError

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 17 Apr 2026 09:04:07 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294486

--- Comment #4 from Matthias Andree <mandree@FreeBSD.org> ---
The branch main has been updated by diizzy:

URL:
https://cgit.FreeBSD.org/ports/commit/?id=22584e71f43f5a2b074284c2122eda58440080fa

commit 22584e71f43f5a2b074284c2122eda58440080fa
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2026-04-13 17:33:16 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2026-04-16 21:38:32 +0000

    security/vuxml: Add entry for Python CVE-2026-6100

    Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor
    and gzip.GzipFile

    Obtained from:  GitHub repo
    Security:       b8e9f33c-375d-11f1-a119-e36228bfe7d4
                    CVE-2026-6100
---
 security/vuxml/vuln/2026.xml | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

-- 
You are receiving this mail because:
You are the assignee for the bug.