From owner-freebsd-ports@FreeBSD.ORG  Wed Feb 15 11:56:10 2012
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 8E0C7106566C;
	Wed, 15 Feb 2012 11:56:10 +0000 (UTC)
	(envelope-from wenheping@gmail.com)
Received: from mail-tul01m020-f182.google.com (mail-tul01m020-f182.google.com
	[209.85.214.182])
	by mx1.freebsd.org (Postfix) with ESMTP id 364C78FC0C;
	Wed, 15 Feb 2012 11:56:09 +0000 (UTC)
Received: by obcwo16 with SMTP id wo16so1806568obc.13
	for <multiple recipients>; Wed, 15 Feb 2012 03:56:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type;
	bh=t4DS0Vl876G6gXksuQIvjvEalJeXErElYGIMbCKHyMU=;
	b=XlmSPr7EjSD50kKZpgFuvtwsdLwcwjeGyovjB2zzgDX8HztURHqawMt93ngYPz5Zr/
	JRLw7WM7Me6PqcXmR1Cpn4nuPWkpbaOY7uj4RIQg12B7Gk35JipTGeLk6o/qVg1Bs7Sr
	JBD27bXsA3/ZFdxAyER9byRs3lcLsZ6m2519I=
MIME-Version: 1.0
Received: by 10.182.85.103 with SMTP id g7mr18214207obz.38.1329306969607; Wed,
	15 Feb 2012 03:56:09 -0800 (PST)
Received: by 10.182.227.74 with HTTP; Wed, 15 Feb 2012 03:56:09 -0800 (PST)
In-Reply-To: <4F3B8A17.9090300@yandex.ru>
References: <4F3ADE3D.706@FreeBSD.org> <4F3B7AEC.5090905@yandex.ru>
	<CACi771-jFi5ZgEd4i-ojovy6veyWiaFY1-kKpJ1LSQ7LbO_u9w@mail.gmail.com>
	<4F3B8A17.9090300@yandex.ru>
Date: Wed, 15 Feb 2012 19:56:09 +0800
Message-ID: <CACi77180=kP8NXJz271_fnSjY4UrDNFUDST_ntYEyrznguiLaA@mail.gmail.com>
From: wen heping <wenheping@gmail.com>
To: Ruslan Mahmatkhanov <cvs-src@yandex.ru>
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: Doug Barton <dougb@freebsd.org>, python@freebsd.org,
	FreeBSD ports list <freebsd-ports@freebsd.org>
Subject: Re: Python upgrade to address vulnerability?
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Feb 2012 11:56:10 -0000

2012/2/15 Ruslan Mahmatkhanov <cvs-src@yandex.ru>

> wen heping wrote on 15.02.2012 14:16:
>
>> 2012/2/15 Ruslan Mahmatkhanov<cvs-src@yandex.ru**>
>>
>>  Doug Barton wrote on 15.02.2012 02:20:
>>>
>>>  So apparently we have a python vulnerability according to
>>>> http://portaudit.FreeBSD.org/****b4f8be9e-56b2-11e1-9fb7-**<http://portaudit.FreeBSD.org/**b4f8be9e-56b2-11e1-9fb7-**>
>>>> 003067b2972c.html<http://**portaudit.FreeBSD.org/**
>>>> b4f8be9e-56b2-11e1-9fb7-**003067b2972c.html<http://portaudit.FreeBSD.org/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html>
>>>> >
>>>>
>>>> ,
>>>> but I'm not seeing an upgrade to address it yet. Any idea when that will
>>>> happen?
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Doug
>>>>
>>>>
>>>>  Patch is there:
>>> http://people.freebsd.org/~rm/****python-CVE-2012-0845.diff.**txt<http://people.freebsd.org/~rm/**python-CVE-2012-0845.diff.txt>
>>> <http://people.freebsd.org/**~rm/python-CVE-2012-0845.diff.**txt<http://people.freebsd.org/~rm/python-CVE-2012-0845.diff.txt>
>>> >
>>>
>>
>>
>> Had this patch been committed into upstream? When I found it , it was in
>> review state.
>>
>> And CVE-2012-0845 too.
>>
>> wen
>>
>
> Yes, it is not yet committed, but comments looks promisingly :). And i
> can't reproduce this bug after patching, using procedure described in bug
> report.


Me too :)
I trust this patch too but I would like wait some time.

wen



>
>
> --
> Regards,
> Ruslan
>
> Tinderboxing kills... the drives.
>