Date: Mon, 3 Mar 2014 11:20:19 +0400 From: Dmitry Sivachenko <trtrmitya@gmail.com> To: JEREMY COX <jeremy.m.cox@gmail.com> Cc: "freebsd-python@freebsd.org" <freebsd-python@freebsd.org> Subject: Re: pyhon33 still listed as vulnerable Message-ID: <B09BA639-565A-40C6-A5E1-46555213BE8B@gmail.com> In-Reply-To: <CAPH9q1p0vzjzmhyeQKqMp=JWp22sMJPSa4vBywEcgAgYuKojqA@mail.gmail.com> References: <CAPH9q1p0vzjzmhyeQKqMp=JWp22sMJPSa4vBywEcgAgYuKojqA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I already fixed that yesterday, update your ports tree. > 03 =CD=C1=D2=D4=C1 2014 =C7., =D7 11:05, JEREMY COX <jeremy.m.cox@gmail.co= m> =CE=C1=D0=C9=D3=C1=CC(=C1): >=20 > Hello all, > I was having difficulty updating python33 today, even though the > vulnerability to python 3.3.3_2 (CVE-2014-1912) was patched. After > verifying with Freshports python 3.3.3_3 was correct, I used >=20 > *portmaster -m DISABLE_VULNERABILITIES=3Dyes python33* >=20 > to update the port. However, pkg audit is still complaining the port is > vulnerable: >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 > *root@riotskates:/ # pkg auditpython33-3.3.3_3 is vulnerable:Python -- > buffer overflow in socket.recvfrom_into()CVE: CVE-2014-1912WWW: > http://portaudit.FreeBSD.org/8e5e6d42-a0fa-11e3-b09a-080027f2d077.html > <http://portaudit.FreeBSD.org/8e5e6d42-a0fa-11e3-b09a-080027f2d077.html>1 > problem(s) in the installed packages found.* >=20 >=20 > I'm not familiar with inconsistencies found between the ports tree (which > is obviously correct) and portaudit.FreeBSD.org (I've actually never seen > this problem before). Is there something I need to update to fix this on > my machine or will this be caught upstream sometime later on? >=20 > N.B. BTW I updated python27 with no problems at all. >=20 > Thank you for your time, >=20 > Jeremy > _______________________________________________ > freebsd-python@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-python > To unsubscribe, send any mail to "freebsd-python-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B09BA639-565A-40C6-A5E1-46555213BE8B>