From owner-freebsd-python@FreeBSD.ORG Wed Feb 15 10:34:45 2012 Return-Path: Delivered-To: python@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5286C1065674; Wed, 15 Feb 2012 10:34:45 +0000 (UTC) (envelope-from cvs-src@yandex.ru) Received: from forward11.mail.yandex.net (forward11.mail.yandex.net [IPv6:2a02:6b8:0:801::1]) by mx1.freebsd.org (Postfix) with ESMTP id B252F8FC27; Wed, 15 Feb 2012 10:34:44 +0000 (UTC) Received: from smtp12.mail.yandex.net (smtp12.mail.yandex.net [95.108.131.191]) by forward11.mail.yandex.net (Yandex) with ESMTP id 096B5E845F7; Wed, 15 Feb 2012 14:34:43 +0400 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1329302083; bh=I/UODUcNyBZo1f3g6Nw5ghh1agFRDkSUzzNF7WSbb6g=; h=Message-ID:Date:From:MIME-Version:To:CC:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=IX8bu1IPnMXneo8AWrnVBhrgXGYpBkHWmMrQU0kHQVKrQaXz7+ZnDIlFJ/EHqY4i4 XR6DYnlA0xW1NwN+ahevgXE4A3O8PVaw1XKFushpmb+vNCCdxgxfmeJnw/j6BwOp3T 2/4IMzVyD0QN79GvblwLM9LnAqxpKWx22+IiuY6M= Received: from smtp12.mail.yandex.net (localhost [127.0.0.1]) by smtp12.mail.yandex.net (Yandex) with ESMTP id BDBAC16A03E4; Wed, 15 Feb 2012 14:34:42 +0400 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1329302082; bh=I/UODUcNyBZo1f3g6Nw5ghh1agFRDkSUzzNF7WSbb6g=; h=Message-ID:Date:From:MIME-Version:To:CC:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=UX9NaX1/g2ZND98I6qtO8sT16/7la96BH/XociDW6Mvtbm5J1+bpzuIzSefDMNDad WR6ZDTguEW/5uxW0UGb3KuZO9x2UFHeHvlPqjHJTZuc30mzPK1Esxg7InLyX4JR02F BTvc4po7oinQe1t1KL0qE4V8z9QZhB2Vk1LMtNWQ= Received: from unknown (unknown [213.27.65.65]) by smtp12.mail.yandex.net (nwsmtp/Yandex) with ESMTP id YfiuFjlw-YgiGDaTi; Wed, 15 Feb 2012 14:34:42 +0400 X-Yandex-Spam: 1 Message-ID: <4F3B8A17.9090300@yandex.ru> Date: Wed, 15 Feb 2012 14:33:59 +0400 From: Ruslan Mahmatkhanov User-Agent: Mozilla/5.0 (X11; FreeBSD i386; rv:10.0.1) Gecko/20120214 Thunderbird/10.0.1 MIME-Version: 1.0 To: wen heping References: <4F3ADE3D.706@FreeBSD.org> <4F3B7AEC.5090905@yandex.ru> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Doug Barton , python@freebsd.org, FreeBSD ports list Subject: Re: Python upgrade to address vulnerability? X-BeenThere: freebsd-python@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: FreeBSD-specific Python issues List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Feb 2012 10:34:45 -0000 wen heping wrote on 15.02.2012 14:16: > 2012/2/15 Ruslan Mahmatkhanov > >> Doug Barton wrote on 15.02.2012 02:20: >> >>> So apparently we have a python vulnerability according to >>> http://portaudit.FreeBSD.org/**b4f8be9e-56b2-11e1-9fb7-** >>> 003067b2972c.html >>> , >>> but I'm not seeing an upgrade to address it yet. Any idea when that will >>> happen? >>> >>> >>> Thanks, >>> >>> Doug >>> >>> >> Patch is there: >> http://people.freebsd.org/~rm/**python-CVE-2012-0845.diff.txt > > > Had this patch been committed into upstream? When I found it , it was in > review state. > > And CVE-2012-0845 too. > > wen Yes, it is not yet committed, but comments looks promisingly :). And i can't reproduce this bug after patching, using procedure described in bug report. -- Regards, Ruslan Tinderboxing kills... the drives.