Re: python38-3.8.11 is vulnerable

Reply: LuMiWa via python : "Re: python38-3.8.11 is vulnerable"
In reply to: LuMiWa via python : "python38-3.8.11 is vulnerable"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Kubilay Kocak <koobs_at_FreeBSD.org>
Date: Mon, 13 Sep 2021 23:55:19 UTC

On 12/09/2021 11:17 pm, LuMiWa via python wrote:
> Hi!
> 
> I start using latest binary packages and my questuions if is better to
> use ports for some port in this case for Pythong because ports as I
> know I faster update for vulnerabilities.
> 
>   pkg audit -F
> vulnxml file up-to-date
> python38-3.8.11 is vulnerable:
>    Python -- multiple vulnerabilities
>    WWW:
>    https://vuxml.FreeBSD.org/freebsd/145ce848-1165-11ec-ac7e-08002789875b.html
> 
> Thank you.
> 

All Python language ports (lang/python*) bugfix and security updates 
should be committed to head and then merged to quarterly as part of the 
same task as a matter of course.

The python38 update is being tracked here:

   https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258195

Once committed/merged, the availability of updates packages is 
contingent on the package building infrastructure, which can take up to 
  a few days to complete on average, if there are no other issues.

./koobs