From nobody Sat Jan 03 20:23:39 2026 X-Original-To: python@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4dkBpk4sL4z6Mn7J for ; Sat, 03 Jan 2026 20:23:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4dkBpk29Rmz3d5c for ; Sat, 03 Jan 2026 20:23:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1767471822; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Q81idu7OiCt9YXOTJ3ojMcXP/oISvEtgnaVM9QqeSXs=; b=AIcDALQOWrewJAGkXrVdt+qVJthPAsY94k6QPItqcRT98+oWYUZ+NXzib9aRGbXoqfg74o 6EOrtRLiSuZThtf2fhDT+gxJ4IU5SMlUfJ0KnnEp4LJLR01f4hBSD/ZFcIHFh5HYtmb5bp HDOtqQSU+hJLZEHXCpJRQUhKP70ZjEl1ZL6r4s+QE+dq6oESiYwxlolR9bLfx2Cbsr0xT1 76yalohuNweUEBgzXb37Jt9zgeYNH8a/Z6vRvkWKt/U6+Rv7U7ISNc9jxiNKwdkAgH7BdR ++BfekjFFV9pZRApd6nyWECzVqCZ8d9v469m6bvgefH6P3nqobd40TfSwLUsKQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1767471822; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Q81idu7OiCt9YXOTJ3ojMcXP/oISvEtgnaVM9QqeSXs=; b=OaGYMng+D01yIok5h15c7wKs26z8TR7aAt3/vtoovZUwEeoh4gyuS+H2BdmLaRAQh98rEE /Jit5OAaEom83wgj9PfFKjT/+nkL+bHDoG02mNoXq22f5G+2jX7RYurzNeiZh1LxpF1ME4 cI61X8ZYdMb01aCWroHa511jmNbbuP48TA+KfYHRzN1xbqIC26tJKzlJ0bYa14MzfMYNv2 LBC5yY2kmEIQWZM4B3x6yxba7hjTa8gJeKQK04LOFTp2CCTMeXXq5/lxSxj5YRB7Je/BxY UWY0w/A99mutxPUAzjAO9vu+f1CC4IcGo0N6CG7kiYurcwKQTpW4DJ0hBMnoAw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1767471822; a=rsa-sha256; cv=none; b=cyYgeVt+LklZvasVr9wEXcIf/nMWNJNo+md40fYVXtrZ6wMg8Xo3ZNBw6WkAt9qzNp0rUh jPugud6EmBj87Jd2bvb/THWukwq5WU0vZuCNEObv6TzwyvJvvw61esAcNGI1UBroF16A+O bBwliInyxNB0/7bG8xr5dMampOjIHwyRNJ1tf+NivW9iGHPG30wJucCHONxihIzyYh6I+9 PSrjg8+rZUuREmD9sLE0/3cch9kxiFPGIervdmFnMWBB+obbGS5Fxs0tClqk+Ctw1Chfx3 +Udd5CeKXLqk9jb+auWBHohNZDBNz3N16r5xVoN2/bD4VHsYmj1bjkQJKEgVFg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4dkBpk1R2Qz1HdR for ; Sat, 03 Jan 2026 20:23:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 603KNgsw054210 for ; Sat, 3 Jan 2026 20:23:42 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 603KNg8r054209 for python@FreeBSD.org; Sat, 3 Jan 2026 20:23:42 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: python@FreeBSD.org Subject: [Bug 291609] lang/python311: Missing security update Date: Sat, 03 Jan 2026 20:23:39 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: vishwin@freebsd.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: python@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback+ X-Bugzilla-Changed-Fields: flagtypes.name Message-ID: In-Reply-To: References: Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8" X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: FreeBSD-specific Python issues List-Archive: https://lists.freebsd.org/archives/freebsd-python List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-python@freebsd.org Sender: owner-freebsd-python@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D291609 Charlie Li changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|maintainer-feedback- |maintainer-feedback+ --- Comment #6 from Charlie Li --- [maintainer-timeout does not get to be overridden when it was already set b= y a maintainer, especially when feedback was provided] CVE-2025-13836: https://github.com/python/cpython/issues/119451 Upstream outstanding pull requests (they are backported from the main one linked from the PR): 3.11: https://github.com/python/cpython/pull/142141 3.10: https://github.com/python/cpython/pull/142142 CVE-2025-12084: https://github.com/python/cpython/issues/142145 Upstream outstanding pull requests: 3.11: https://github.com/python/cpython/pull/142212 3.10: https://github.com/python/cpython/pull/142213 None of these have been committed to their respective branches. Ports will = not include these fixes until upstream commits them, after which PORTREVISION b= umps can happen until they cut new releases. (In reply to Torsten Zuehlsdorff from comment #3) It is ultimately up to the upstream CPython project to commit their fixes appropriately. Using stuff that upstream has not fully blessed, ie through solid commits, does not provide us and our users a good support trail. --=20 You are receiving this mail because: You are the assignee for the bug.=