Date: Mon, 3 Mar 2014 01:05:36 -0600
From: JEREMY COX <jeremy.m.cox@gmail.com>
To: freebsd-python@freebsd.org
Subject: pyhon33 still listed as vulnerable
Message-ID: <CAPH9q1p0vzjzmhyeQKqMp=JWp22sMJPSa4vBywEcgAgYuKojqA@mail.gmail.com>

Hello all,

I was having difficulty updating python33 today, even though the vulnerability to python 3.3.3_2 (CVE-2014-1912) was patched. After verifying with Freshports python 3.3.3_3 was correct, I used *portmaster -m DISABLE_VULNERABILITIES=yes python33* to update the port.

However, pkg audit is still complaining the port is vulnerable:

    root@riotskates:/ # pkg audit
    python33-3.3.3_3 is vulnerable:
    Python -- buffer overflow in socket.recvfrom_into()
    CVE: CVE-2014-1912
    WWW: http://portaudit.FreeBSD.org/8e5e6d42-a0fa-11e3-b09a-080027f2d077.html

    1 problem(s) in the installed packages found.

I'm not familiar with inconsistencies found between the ports tree (which is obviously correct) and portaudit.FreeBSD.org (I've actually never seen this problem before). Is there something I need to update to fix this on my machine or will this be caught upstream sometime later on?

N.B. BTW I updated python27 with no problems at all.

Thank you for your time,
Jeremy