Python upgrade to address vulnerability?

Ruslan Mahmatkhanov cvs-src at yandex.ru
Wed Feb 15 09:30:02 UTC 2012


Doug Barton wrote on 15.02.2012 02:20:
> So apparently we have a python vulnerability according to
> http://portaudit.FreeBSD.org/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html,
> but I'm not seeing an upgrade to address it yet. Any idea when that will
> happen?
>
>
> Thanks,
>
> Doug
>

Patch is there:
http://people.freebsd.org/~rm/python-CVE-2012-0845.diff.txt

Patch for 3.2 is taken there directly:
http://bugs.python.org/file24522/xmlrpc_loop-1.diff

Patch for 2.5, 2.6, 2.7, 3.1 is adopted from this patch:
http://bugs.python.org/file24513/xmlrpc_loop.diff

SimpleXMLRPCServer.py in 2.4 is too different and it is going to die 
anyway so I didn't messed with it.

If noone objects, I can commit it. Please tell me what should i do.

-- 
Regards,
Ruslan

Tinderboxing kills... the drives.


More information about the freebsd-ports mailing list