python33 still listed as vulnerable

JEREMY COX jeremy.m.cox at gmail.com
Mon Mar 3 07:05:37 UTC 2014


Hello all,
I was having difficulty updating python33 today, even though the
vulnerability to python 3.3.3_2 (CVE-2014-1912) was patched. After
verifying with Freshports python 3.3.3_3 was correct, I used

*portmaster -m DISABLE_VULNERABILITIES=yes python33*

to update the port. However, pkg audit is still complaining the port is
vulnerable:








*root at riotskates:/ # pkg audit
python33-3.3.3_3 is vulnerable:
Python -- buffer overflow in socket.recvfrom_into()
CVE: CVE-2014-1912
WWW: http://portaudit.FreeBSD.org/8e5e6d42-a0fa-11e3-b09a-080027f2d077.html

1 problem(s) in the installed packages found.*


I'm not familiar with inconsistencies found between the ports tree (which
is obviously correct) and portaudit.FreeBSD.org (I've actually never seen
this problem before).  Is there something I need to update to fix this on
my machine or will this be caught upstream sometime later on?

N.B. BTW I updated python27 with no problems at all.

Thank you for your time,

Jeremy

