Date: Wed, 15 Feb 2012 14:33:59 +0400 From: Ruslan Mahmatkhanov <cvs-src@yandex.ru> To: wen heping <wenheping@gmail.com> Cc: Doug Barton <dougb@freebsd.org>, python@freebsd.org, FreeBSD ports list <freebsd-ports@freebsd.org> Subject: Re: Python upgrade to address vulnerability? Message-ID: <4F3B8A17.9090300@yandex.ru> In-Reply-To: <CACi771-jFi5ZgEd4i-ojovy6veyWiaFY1-kKpJ1LSQ7LbO_u9w@mail.gmail.com> References: <4F3ADE3D.706@FreeBSD.org> <4F3B7AEC.5090905@yandex.ru> <CACi771-jFi5ZgEd4i-ojovy6veyWiaFY1-kKpJ1LSQ7LbO_u9w@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
wen heping wrote on 15.02.2012 14:16: > 2012/2/15 Ruslan Mahmatkhanov<cvs-src@yandex.ru> > >> Doug Barton wrote on 15.02.2012 02:20: >> >>> So apparently we have a python vulnerability according to >>> http://portaudit.FreeBSD.org/**b4f8be9e-56b2-11e1-9fb7-** >>> 003067b2972c.html<http://portaudit.FreeBSD.org/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html>; >>> , >>> but I'm not seeing an upgrade to address it yet. Any idea when that will >>> happen? >>> >>> >>> Thanks, >>> >>> Doug >>> >>> >> Patch is there: >> http://people.freebsd.org/~rm/**python-CVE-2012-0845.diff.txt<http://people.freebsd.org/~rm/python-CVE-2012-0845.diff.txt>; > > > Had this patch been committed into upstream? When I found it , it was in > review state. > > And CVE-2012-0845 too. > > wen Yes, it is not yet committed, but comments looks promisingly :). And i can't reproduce this bug after patching, using procedure described in bug report. -- Regards, Ruslan Tinderboxing kills... the drives.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F3B8A17.9090300>