Date: Wed, 15 Feb 2012 19:56:09 +0800 From: wen heping <wenheping@gmail.com> To: Ruslan Mahmatkhanov <cvs-src@yandex.ru> Cc: Doug Barton <dougb@freebsd.org>, python@freebsd.org, FreeBSD ports list <freebsd-ports@freebsd.org> Subject: Re: Python upgrade to address vulnerability? Message-ID: <CACi77180=kP8NXJz271_fnSjY4UrDNFUDST_ntYEyrznguiLaA@mail.gmail.com> In-Reply-To: <4F3B8A17.9090300@yandex.ru> References: <4F3ADE3D.706@FreeBSD.org> <4F3B7AEC.5090905@yandex.ru> <CACi771-jFi5ZgEd4i-ojovy6veyWiaFY1-kKpJ1LSQ7LbO_u9w@mail.gmail.com> <4F3B8A17.9090300@yandex.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
2012/2/15 Ruslan Mahmatkhanov <cvs-src@yandex.ru> > wen heping wrote on 15.02.2012 14:16: > >> 2012/2/15 Ruslan Mahmatkhanov<cvs-src@yandex.ru**> >> >> Doug Barton wrote on 15.02.2012 02:20: >>> >>> So apparently we have a python vulnerability according to >>>> http://portaudit.FreeBSD.org/****b4f8be9e-56b2-11e1-9fb7-**<http://portaudit.FreeBSD.org/**b4f8be9e-56b2-11e1-9fb7-**>; >>>> 003067b2972c.html<http://**portaudit.FreeBSD.org/** >>>> b4f8be9e-56b2-11e1-9fb7-**003067b2972c.html<http://portaudit.FreeBSD.org/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html>; >>>> > >>>> >>>> , >>>> but I'm not seeing an upgrade to address it yet. Any idea when that will >>>> happen? >>>> >>>> >>>> Thanks, >>>> >>>> Doug >>>> >>>> >>>> Patch is there: >>> http://people.freebsd.org/~rm/****python-CVE-2012-0845.diff.**txt<http://people.freebsd.org/~rm/**python-CVE-2012-0845.diff.txt>; >>> <http://people.freebsd.org/**~rm/python-CVE-2012-0845.diff.**txt<http://people.freebsd.org/~rm/python-CVE-2012-0845.diff.txt>; >>> > >>> >> >> >> Had this patch been committed into upstream? When I found it , it was in >> review state. >> >> And CVE-2012-0845 too. >> >> wen >> > > Yes, it is not yet committed, but comments looks promisingly :). And i > can't reproduce this bug after patching, using procedure described in bug > report. Me too :) I trust this patch too but I would like wait some time. wen > > > -- > Regards, > Ruslan > > Tinderboxing kills... the drives. >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CACi77180=kP8NXJz271_fnSjY4UrDNFUDST_ntYEyrznguiLaA>