FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

python -- several vulnerabilities

Affected packages
0	<=	python39
0	<=	python310
0	<=	python311
0	<=	python312
3.13.0	<=	python313	<	3.13.11
3.14.0	<=	python314	<	3.14.2

Details

VuXML ID	613d0f9e-d477-11f0-9e85-03ddfea11990
Discovery	2024-05-23
Entry	2025-12-08

Hugo van Kemenade reports:

Python 3.14.2 and 3.13.11 are now available [... and] come with some bonus security fixes.

gh-142145: Remove quadratic behavior in node ID cache clearing (CVE-2025-12084)

gh-119451: Fix a potential denial of service in http.client [only in 3.13; CVE-2025-13836]

gh-119452: Fix a potential virtual memory allocation denial of service in http.server [affects platforms without fork()]

[source]

References

CVE Name	CVE-2025-12084
CVE Name	CVE-2025-13836
URL	https://docs.python.org/release/3.13.11/whatsnew/changelog.html
URL	https://docs.python.org/release/3.14.2/whatsnew/changelog.html
URL	https://github.com/python/cpython/issues/119451
URL	https://github.com/python/cpython/issues/119452
URL	https://github.com/python/cpython/issues/142145
URL	https://pythoninsider.blogspot.com/2025/12/python-3142-and-31311-are-now-available.html