[Bug 294246] lang/python3: Missing security update

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 294246] lang/python311: Missing security update"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 11 Apr 2026 10:21:07 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294246

Matthias Andree <mandree@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://bugs.freebsd.org/bu
                   |                            |gzilla/show_bug.cgi?id=2943
                   |                            |24
                 CC|                            |core@FreeBSD.org,
                   |                            |mandree@FreeBSD.org

--- Comment #13 from Matthias Andree <mandree@FreeBSD.org> ---
(In reply to Herbert J. Skuhra from comment #10)
Because I added python314 even before the python@ members got python313 into
the tree and I am not handing it over to the team.

Everyone feel free though to Cc: me on Python PRs that also apply to 3.14.

As to the matter, we don't need cherry picks, we can update/MFH(2026Q2) 3.14 to
3.14.4 instead. The 3.14.4 update contains the fix for leading dashes in
webbrowser.open(), so the two cherry-picks to fix these are not needed there.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294324 has 
(1) a 3.14.4 security update (sent by me as the maintainer),
and two post-3.14.4 cherry-picked security fixes for:
(2) gh-146211: Reject CR/LF in HTTP tunnel request headers
(3) gh-146333: Fix quadratic regex backtracking in configparser

Which probably want investigation/backport to older Python releases.

The PR 294324 (link above) also contains VuXML updates.

-- 
You are receiving this mail because:
You are the assignee for the bug.