Python upgrade to address vulnerability?
wen heping
wenheping at gmail.com
Wed Feb 15 10:16:38 UTC 2012
2012/2/15 Ruslan Mahmatkhanov <cvs-src at yandex.ru>
> Doug Barton wrote on 15.02.2012 02:20:
>
>> So apparently we have a python vulnerability according to
>> http://portaudit.FreeBSD.org/**b4f8be9e-56b2-11e1-9fb7-**
>> 003067b2972c.html<http://portaudit.FreeBSD.org/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html>
>> ,
>> but I'm not seeing an upgrade to address it yet. Any idea when that will
>> happen?
>>
>>
>> Thanks,
>>
>> Doug
>>
>>
> Patch is there:
> http://people.freebsd.org/~rm/**python-CVE-2012-0845.diff.txt<http://people.freebsd.org/~rm/python-CVE-2012-0845.diff.txt>
Had this patch been committed into upstream? When I found it , it was in
review state.
And CVE-2012-0845 too.
wen
>
>
> Patch for 3.2 is taken there directly:
> http://bugs.python.org/**file24522/xmlrpc_loop-1.diff<http://bugs.python.org/file24522/xmlrpc_loop-1.diff>
>
> Patch for 2.5, 2.6, 2.7, 3.1 is adopted from this patch:
> http://bugs.python.org/**file24513/xmlrpc_loop.diff<http://bugs.python.org/file24513/xmlrpc_loop.diff>
>
> SimpleXMLRPCServer.py in 2.4 is too different and it is going to die
> anyway so I didn't messed with it.
>
> If noone objects, I can commit it. Please tell me what should i do.
>
> --
> Regards,
> Ruslan
>
> Tinderboxing kills... the drives.
> ______________________________**_________________
> freebsd-python at freebsd.org mailing list
> http://lists.freebsd.org/**mailman/listinfo/freebsd-**python<http://lists.freebsd.org/mailman/listinfo/freebsd-python>
> To unsubscribe, send any mail to "freebsd-python-unsubscribe@**freebsd.org<freebsd-python-unsubscribe at freebsd.org>
> "
>
More information about the freebsd-ports
mailing list