[Bug 270744] security/vuxml: 20 new entries for vulnerable ports

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 270744] 20 VuXML new entries for vulnerable ports"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 12 Apr 2023 04:19:06 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270744

Philip Paeps <philip@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Open                        |In Progress

--- Comment #4 from Philip Paeps <philip@FreeBSD.org> ---
Listing the flavours that currently exist leaves open the possibility that
someone installs a vulnerable package for a future flavour of Python -- one
that does not yet exist at the time the vulnerability is recorded.

The long-term solution would be for "pkg audit" to become aware of flavours.

For now, I think your proposed patch is good enough.

-- 
You are receiving this mail because:
You are on the CC list for the bug.