Date: Wed, 15 Feb 2012 18:16:36 +0800 From: wen heping <wenheping@gmail.com> To: Ruslan Mahmatkhanov <cvs-src@yandex.ru> Cc: Doug Barton <dougb@freebsd.org>, python@freebsd.org, FreeBSD ports list <freebsd-ports@freebsd.org> Subject: Re: Python upgrade to address vulnerability? Message-ID: <CACi771-jFi5ZgEd4i-ojovy6veyWiaFY1-kKpJ1LSQ7LbO_u9w@mail.gmail.com> In-Reply-To: <4F3B7AEC.5090905@yandex.ru> References: <4F3ADE3D.706@FreeBSD.org> <4F3B7AEC.5090905@yandex.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
2012/2/15 Ruslan Mahmatkhanov <cvs-src@yandex.ru> > Doug Barton wrote on 15.02.2012 02:20: > >> So apparently we have a python vulnerability according to >> http://portaudit.FreeBSD.org/**b4f8be9e-56b2-11e1-9fb7-** >> 003067b2972c.html<http://portaudit.FreeBSD.org/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html>; >> , >> but I'm not seeing an upgrade to address it yet. Any idea when that will >> happen? >> >> >> Thanks, >> >> Doug >> >> > Patch is there: > http://people.freebsd.org/~rm/**python-CVE-2012-0845.diff.txt<http://people.freebsd.org/~rm/python-CVE-2012-0845.diff.txt>; Had this patch been committed into upstream? When I found it , it was in review state. And CVE-2012-0845 too. wen > > > Patch for 3.2 is taken there directly: > http://bugs.python.org/**file24522/xmlrpc_loop-1.diff<http://bugs.python.org/file24522/xmlrpc_loop-1.diff>; > > Patch for 2.5, 2.6, 2.7, 3.1 is adopted from this patch: > http://bugs.python.org/**file24513/xmlrpc_loop.diff<http://bugs.python.org/file24513/xmlrpc_loop.diff>; > > SimpleXMLRPCServer.py in 2.4 is too different and it is going to die > anyway so I didn't messed with it. > > If noone objects, I can commit it. Please tell me what should i do. > > -- > Regards, > Ruslan > > Tinderboxing kills... the drives. > ______________________________**_________________ > freebsd-python@freebsd.org mailing list > http://lists.freebsd.org/**mailman/listinfo/freebsd-**python<http://lists.freebsd.org/mailman/listinfo/freebsd-python>; > To unsubscribe, send any mail to "freebsd-python-unsubscribe@**freebsd.org<freebsd-python-unsubscribe@freebsd.org> > " >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CACi771-jFi5ZgEd4i-ojovy6veyWiaFY1-kKpJ1LSQ7LbO_u9w>