pyhon33 still listed as vulnerable
Dmitry Sivachenko
trtrmitya at gmail.com
Mon Mar 3 07:20:22 UTC 2014
I already fixed that yesterday, update your ports tree.
> 03 марта 2014 г., в 11:05, JEREMY COX <jeremy.m.cox at gmail.com> написал(а):
>
> Hello all,
> I was having difficulty updating python33 today, even though the
> vulnerability to python 3.3.3_2 (CVE-2014-1912) was patched. After
> verifying with Freshports python 3.3.3_3 was correct, I used
>
> *portmaster -m DISABLE_VULNERABILITIES=yes python33*
>
> to update the port. However, pkg audit is still complaining the port is
> vulnerable:
>
>
>
>
>
>
>
>
> *root at riotskates:/ # pkg auditpython33-3.3.3_3 is vulnerable:Python --
> buffer overflow in socket.recvfrom_into()CVE: CVE-2014-1912WWW:
> http://portaudit.FreeBSD.org/8e5e6d42-a0fa-11e3-b09a-080027f2d077.html
> <http://portaudit.FreeBSD.org/8e5e6d42-a0fa-11e3-b09a-080027f2d077.html>1
> problem(s) in the installed packages found.*
>
>
> I'm not familiar with inconsistencies found between the ports tree (which
> is obviously correct) and portaudit.FreeBSD.org (I've actually never seen
> this problem before). Is there something I need to update to fix this on
> my machine or will this be caught upstream sometime later on?
>
> N.B. BTW I updated python27 with no problems at all.
>
> Thank you for your time,
>
> Jeremy
> _______________________________________________
> freebsd-python at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-python
> To unsubscribe, send any mail to "freebsd-python-unsubscribe at freebsd.org"
More information about the freebsd-python
mailing list