Re: git: 6a95bd16a497 - main - security/vuxml: correct range after previous commit for py39-setuptools

From: Craig Leres <leres_at_freebsd.org>
Date: Thu, 22 Jun 2023 17:35:40 UTC

On 6/22/23 07:09, Eugene Grosbein wrote:
> The branch main has been updated by eugen:
> 
> URL: https://cgit.FreeBSD.org/ports/commit/?id=6a95bd16a497674631f906d8c98690686c555cc9
> 
> commit 6a95bd16a497674631f906d8c98690686c555cc9
> Author:     Eugene Grosbein <eugen@FreeBSD.org>
> AuthorDate: 2023-06-22 14:06:12 +0000
> Commit:     Eugene Grosbein <eugen@FreeBSD.org>
> CommitDate: 2023-06-22 14:09:33 +0000
> 
>      security/vuxml: correct range after previous commit for py39-setuptools
>      
>      Fixes:  a3d611120fccf3b51b3dc62ec9246588e7d7a8ac
> ---
>   security/vuxml/vuln/2023.xml | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
> index 5cd8ec24d829..cd13f7023658 100644
> --- a/security/vuxml/vuln/2023.xml
> +++ b/security/vuxml/vuln/2023.xml
> @@ -2835,7 +2835,7 @@
>       <name>py39-setuptools</name>
>       <range><lt>44.1.1</lt></range>
>       <range><ge>57.0.0</ge><lt>58.5.3_3</lt></range>
> -    <range><lt>63.1.0_1</lt></range>
> +    <range><ge>62.1.0</ge><lt>63.1.0_1</lt></range>
>         </package>
>       </affects>
>       <description>
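
Review bot: the new floor `<ge>62.1.0</ge>` on the third range is not explained anywhere in the commit message, and with it py39-setuptools versions from 58.5.3_3 up to but not including 62.1.0 fall outside all three ranges (as do versions from 44.1.1 up to 57.0.0). If that gap is intended because no such versions were ever shipped in the port, say so in the commit message or in a comment next to the range, naming where 62.1.0 comes from; if it is not intended, the lower bound should be moved down to close the gap. The first range, `<lt>44.1.1</lt>`, still has no lower bound, so it is worth confirming that it was meant to stay open-ended after this correction.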

Does this also need to be adjusted for python 2.7 as well? pkg audit 
still flags the package after a3d611120fcc.

		Craig

dot 11 # pkg audit -F
vulnxml file up-to-date
py27-setuptools44-44.1.1_1 is vulnerable:
   py27-setuptools44 -- denial of service vulnerability
   CVE: CVE-2022-40897
   WWW: https://vuxml.FreeBSD.org/freebsd/187ab98e-2953-4495-b379-4060bd4b75ee.html

1 problem(s) in 1 installed package(s) found.
dot 12 # pkg info -r py27-setuptools44 py27-dnspython1
py27-setuptools44-44.1.1_1:
         py27-dnspython1-1.16.0
py27-dnspython1-1.16.0:
         mailman-2.1.39_1