pyhon33 still listed as vulnerable
JEREMY COX
jeremy.m.cox at gmail.com
Mon Mar 3 07:47:39 UTC 2014
Sorry if I wasn't more clear, my ports tree was updated a few minutes
before I wrote the email, from March 3 @ 0700 UTC... and the patch for
CVE-2014-1912 was already in /usr/ports/lang/python33/files... otherwise I
never would have updated the port! I always verify changes with the FreeBSD
svn website first. Even after the ports tree was updated, and the port was
updated, pkg audit still lists python33-3.3.3_3 as vulnerable, when the CVE
lists the vulnerability applicable only to python33 <= 3.3.3_2.
More information about the freebsd-python
mailing list