Date: Wed, 15 Feb 2012 13:29:16 +0400 From: Ruslan Mahmatkhanov <cvs-src@yandex.ru> To: Doug Barton <dougb@FreeBSD.org> Cc: python@FreeBSD.org, FreeBSD ports list <freebsd-ports@FreeBSD.org> Subject: Re: Python upgrade to address vulnerability? Message-ID: <4F3B7AEC.5090905@yandex.ru> In-Reply-To: <4F3ADE3D.706@FreeBSD.org> References: <4F3ADE3D.706@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Doug Barton wrote on 15.02.2012 02:20: > So apparently we have a python vulnerability according to > http://portaudit.FreeBSD.org/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html, > but I'm not seeing an upgrade to address it yet. Any idea when that will > happen? > > > Thanks, > > Doug > Patch is there: http://people.freebsd.org/~rm/python-CVE-2012-0845.diff.txt Patch for 3.2 is taken there directly: http://bugs.python.org/file24522/xmlrpc_loop-1.diff Patch for 2.5, 2.6, 2.7, 3.1 is adopted from this patch: http://bugs.python.org/file24513/xmlrpc_loop.diff SimpleXMLRPCServer.py in 2.4 is too different and it is going to die anyway so I didn't messed with it. If noone objects, I can commit it. Please tell me what should i do. -- Regards, Ruslan Tinderboxing kills... the drives.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F3B7AEC.5090905>