Date: Thu, 22 Jun 2023 10:35:40 -0700
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
Subject: Re: git: 6a95bd16a497 - main - security/vuxml: correct range after previous commit for py39-setuptools
To: Eugene Grosbein, ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
References: <202306221409.35ME9dHA066668@gitrepo.freebsd.org>
From: Craig Leres
In-Reply-To: <202306221409.35ME9dHA066668@gitrepo.freebsd.org>

On 6/22/23 07:09, Eugene Grosbein wrote:
> The branch main has been updated by eugen:
>
> URL: https://cgit.FreeBSD.org/ports/commit/?id=6a95bd16a497674631f906d8c98690686c555cc9
>
> commit 6a95bd16a497674631f906d8c98690686c555cc9
> Author: Eugene Grosbein
> AuthorDate: 2023-06-22 14:06:12 +0000
> Commit: Eugene Grosbein
> CommitDate: 2023-06-22 14:09:33 +0000
>
> security/vuxml: correct range after previous commit for py39-setuptools
>
> Fixes: a3d611120fccf3b51b3dc62ec9246588e7d7a8ac
> ---
> security/vuxml/vuln/2023.xml | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
> index 5cd8ec24d829..cd13f7023658 100644
> --- a/security/vuxml/vuln/2023.xml
> +++ b/security/vuxml/vuln/2023.xml
> @@ -2835,7 +2835,7 @@
> py39-setuptools
> 44.1.1
> 57.0.058.5.3_3
> - 63.1.0_1
> + 62.1.063.1.0_1
>
>
>

Does this also need to be adjusted for python 2.7 as well? pkg audit still flags the package after a3d611120fcc.

Craig

dot 11 # pkg audit -F
vulnxml file up-to-date
py27-setuptools44-44.1.1_1 is vulnerable:
  py27-setuptools44 -- denial of service vulnerability
  CVE: CVE-2022-40897
  WWW: https://vuxml.FreeBSD.org/freebsd/187ab98e-2953-4495-b379-4060bd4b75ee.html

1 problem(s) in 1 installed package(s) found.
dot 12 # pkg info -r py27-setuptools44 py27-dnspython1
py27-setuptools44-44.1.1_1:
  py27-dnspython1-1.16.0
py27-dnspython1-1.16.0:
  mailman-2.1.39_1
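
Review bot: the replaced range line in the quoted hunk gains a second bound, 62.1.0, next to 63.1.0_1, but neither the hunk nor the commit message ("correct range after previous commit") says where 62.1.0 comes from or which versions the earlier range matched wrongly. Please state the source of that bound in the commit message so the next editor of this entry can verify it. The hunk also changes only the py39-setuptools entry, while this thread shows pkg audit still flagging py27-setuptools44-44.1.1_1; the 44.1.1 bound visible in the context lines is worth checking against that port-revisioned version, along with the other package names listed under the same vulnerability.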