From owner-freebsd-python@FreeBSD.ORG Wed Feb 15 10:47:36 2012 Return-Path: Delivered-To: python@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EB52B1065672; Wed, 15 Feb 2012 10:47:36 +0000 (UTC) (envelope-from wenheping@gmail.com) Received: from mail-tul01m020-f182.google.com (mail-tul01m020-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id A19648FC14; Wed, 15 Feb 2012 10:47:36 +0000 (UTC) Received: by obcwo16 with SMTP id wo16so1700148obc.13 for ; Wed, 15 Feb 2012 02:47:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=B8rxtB2o9S8OHAhxhYNAA6F3RwpL0v1BsFzIUYSk8yU=; b=QYx4yIeHSxtCJh+F6bs6mHMa3/cbnxJykUQkb2NX7cOGQ0aszdCiEo8hGSklLzzeHg Enfhc6IhrSPPnDeaflDOQWZvbRzC9z+yFCAvZaPgC+//7By4ROBupcZ8D5aKjeQRC/03 aBQD+16tn0LsdqJDjYWGMJv7/RlAv8RCnH1Fs= MIME-Version: 1.0 Received: by 10.182.8.69 with SMTP id p5mr18276171oba.28.1329300996992; Wed, 15 Feb 2012 02:16:36 -0800 (PST) Received: by 10.182.227.74 with HTTP; Wed, 15 Feb 2012 02:16:36 -0800 (PST) In-Reply-To: <4F3B7AEC.5090905@yandex.ru> References: <4F3ADE3D.706@FreeBSD.org> <4F3B7AEC.5090905@yandex.ru> Date: Wed, 15 Feb 2012 18:16:36 +0800 Message-ID: From: wen heping To: Ruslan Mahmatkhanov Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Doug Barton , python@freebsd.org, FreeBSD ports list Subject: Re: Python upgrade to address vulnerability? X-BeenThere: freebsd-python@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: FreeBSD-specific Python issues List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Feb 2012 10:47:37 -0000 2012/2/15 Ruslan Mahmatkhanov > Doug Barton wrote on 15.02.2012 02:20: > >> So apparently we have a python vulnerability according to >> http://portaudit.FreeBSD.org/**b4f8be9e-56b2-11e1-9fb7-** >> 003067b2972c.html >> , >> but I'm not seeing an upgrade to address it yet. Any idea when that will >> happen? >> >> >> Thanks, >> >> Doug >> >> > Patch is there: > http://people.freebsd.org/~rm/**python-CVE-2012-0845.diff.txt Had this patch been committed into upstream? When I found it , it was in review state. And CVE-2012-0845 too. wen > > > Patch for 3.2 is taken there directly: > http://bugs.python.org/**file24522/xmlrpc_loop-1.diff > > Patch for 2.5, 2.6, 2.7, 3.1 is adopted from this patch: > http://bugs.python.org/**file24513/xmlrpc_loop.diff > > SimpleXMLRPCServer.py in 2.4 is too different and it is going to die > anyway so I didn't messed with it. > > If noone objects, I can commit it. Please tell me what should i do. > > -- > Regards, > Ruslan > > Tinderboxing kills... the drives. > ______________________________**_________________ > freebsd-python@freebsd.org mailing list > http://lists.freebsd.org/**mailman/listinfo/freebsd-**python > To unsubscribe, send any mail to "freebsd-python-unsubscribe@**freebsd.org > " >