maintainer-feedback requested: [Bug 294246] lang/python311: Missing security update

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 294246] lang/python311: Missing security update"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 04 Apr 2026 14:09:44 UTC

Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-python (Nobody)
<python@FreeBSD.org> for maintainer-feedback:
Bug 294246: lang/python311: Missing security update
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294246



--- Description ---
python311-3.11.15 is vulnerable:
  Python -- poplib module, when passed a user-controlled command, can have
additional commands injected using newlines
  CVE: CVE-2025-15367
  WWW:
https://vuxml.FreeBSD.org/freebsd/6d3488ae-2e0f-11f1-88c7-00a098b42aeb.html

  Python -- imaplib module, when passed a user-controlled command, can have
additional commands injected using newlines
  CVE: CVE-2025-15366
  WWW:
https://vuxml.FreeBSD.org/freebsd/0be929a5-2e0f-11f1-88c7-00a098b42aeb.html

  Python -- The webbrowser.open() API allows leading dashes
  CVE: CVE-2026-4519
  WWW:
https://vuxml.FreeBSD.org/freebsd/9fdad262-2e0f-11f1-88c7-00a098b42aeb.html