Diffusion FreeBSD ports repository ac8b1c329372

lang/python314: SECURITY update to v3.14.3
ac8b1c329372
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

lang/python314: SECURITY update to v3.14.3

ChangeLog: https://docs.python.org/release/3.14.3/whatsnew/changelog.html
MFH: 2026Q1 (immediately)

Security fixes:

gh-144125: BytesGenerator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. (Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650).

gh-143935: Fixed a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs.

gh-143925: Reject control characters in data: URL media types.

gh-143919: Reject control characters in http.cookies.Morsel fields and values.

gh-143916: Reject C0 control characters within wsgiref.headers.Headers fields, values, and parameters.

Security: CVE-2026-0865
Security: CVE-2026-1299
Security: bfe9adc8-0224-11f1-8790-c5fb948922ad

Details

Provenance

Authored on Feb 4 2026, 11:52 PM

Parents

R11:a950cda2477c: security/vuxml: add python <3.14.3 <3.13.12 security issues

Branches

Unknown

Tags

Unknown

Event Timeline

mandree committed R11:ac8b1c329372: lang/python314: SECURITY update to v3.14.3 (authored by mandree).Feb 5 2026, 12:14 AM

mandree mentioned this in R11:68ea4f718786: lang/python314: SECURITY update to v3.14.3.Feb 5 2026, 12:27 AM

Changes (3)

Path

Size

lang/

python314/

Makefile.version

R11:ac8b1c329372

lang/python314/Makefile.version

Loading...

lang/python314/distinfo

Loading...

lang/python314/pkg-plist

Loading...