From owner-freebsd-python@FreeBSD.ORG Mon Mar 3 07:20:22 2014 Return-Path: Delivered-To: freebsd-python@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 722889EF for ; Mon, 3 Mar 2014 07:20:22 +0000 (UTC) Received: from mail-la0-x235.google.com (mail-la0-x235.google.com [IPv6:2a00:1450:4010:c03::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id ED7B7252 for ; Mon, 3 Mar 2014 07:20:21 +0000 (UTC) Received: by mail-la0-f53.google.com with SMTP id b8so4285867lan.26 for ; Sun, 02 Mar 2014 23:20:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=references:mime-version:in-reply-to:content-type :content-transfer-encoding:message-id:cc:from:subject:date:to; bh=MglMCGKbyfhFG0bPEu1f1+wuN9KvibC+nqflhASg3gA=; b=mcL/ZSSuo56oWEMEEWqZUmjWPYQsTsni9gojnJzM3OMuaRLlWk/80wUtbk+XbhwVeI D+MeHst/2xfmqIOZ4Rk+UNqZcgI0A+7L/CZYNk1Q+anBFf8MFSNDPt8L1rnBaL+dKsEi w+8N/QnqXcPu46SaANH4gCWKA3kBryDU/oAQequJ/6ys72eHbz28W21Ks/PaRMHw2CIw sLZLTTqX8ipk4EekKa+CBlVnCsjYShO28sq1iFwSjwK/dSlCmeRWuvgHyf9udajj4XHS uoU0IUvpMv41kvKB20U+svh2BRT6svfMHlxHS1Y/s40P0PwLJQ0QLWKNPeUhl1X3oHVU QI2g== X-Received: by 10.112.143.228 with SMTP id sh4mr370161lbb.57.1393831219911; Sun, 02 Mar 2014 23:20:19 -0800 (PST) Received: from [10.0.1.4] ([176.193.163.131]) by mx.google.com with ESMTPSA id h7sm14779326lbj.1.2014.03.02.23.20.18 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 02 Mar 2014 23:20:18 -0800 (PST) References: Mime-Version: 1.0 (1.0) In-Reply-To: Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: quoted-printable Message-Id: X-Mailer: iPhone Mail (11B651) From: Dmitry Sivachenko Subject: Re: pyhon33 still listed as vulnerable Date: Mon, 3 Mar 2014 11:20:19 +0400 To: JEREMY COX Cc: "freebsd-python@freebsd.org" X-BeenThere: freebsd-python@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: FreeBSD-specific Python issues List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Mar 2014 07:20:22 -0000 I already fixed that yesterday, update your ports tree. > 03 =CD=C1=D2=D4=C1 2014 =C7., =D7 11:05, JEREMY COX =CE=C1=D0=C9=D3=C1=CC(=C1): >=20 > Hello all, > I was having difficulty updating python33 today, even though the > vulnerability to python 3.3.3_2 (CVE-2014-1912) was patched. After > verifying with Freshports python 3.3.3_3 was correct, I used >=20 > *portmaster -m DISABLE_VULNERABILITIES=3Dyes python33* >=20 > to update the port. However, pkg audit is still complaining the port is > vulnerable: >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 > *root@riotskates:/ # pkg auditpython33-3.3.3_3 is vulnerable:Python -- > buffer overflow in socket.recvfrom_into()CVE: CVE-2014-1912WWW: > http://portaudit.FreeBSD.org/8e5e6d42-a0fa-11e3-b09a-080027f2d077.html > 1 > problem(s) in the installed packages found.* >=20 >=20 > I'm not familiar with inconsistencies found between the ports tree (which > is obviously correct) and portaudit.FreeBSD.org (I've actually never seen > this problem before). Is there something I need to update to fix this on > my machine or will this be caught upstream sometime later on? >=20 > N.B. BTW I updated python27 with no problems at all. >=20 > Thank you for your time, >=20 > Jeremy > _______________________________________________ > freebsd-python@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-python > To unsubscribe, send any mail to "freebsd-python-unsubscribe@freebsd.org"