Python upgrade to address vulnerability?

wen heping wenheping at gmail.com
Wed Feb 15 11:56:10 UTC 2012


2012/2/15 Ruslan Mahmatkhanov <cvs-src at yandex.ru>

> wen heping wrote on 15.02.2012 14:16:
>
>> 2012/2/15 Ruslan Mahmatkhanov<cvs-src at yandex.ru**>
>>
>>  Doug Barton wrote on 15.02.2012 02:20:
>>>
>>>  So apparently we have a python vulnerability according to
>>>> http://portaudit.FreeBSD.org/****b4f8be9e-56b2-11e1-9fb7-**<http://portaudit.FreeBSD.org/**b4f8be9e-56b2-11e1-9fb7-**>
>>>> 003067b2972c.html<http://**portaudit.FreeBSD.org/**
>>>> b4f8be9e-56b2-11e1-9fb7-**003067b2972c.html<http://portaudit.FreeBSD.org/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html>
>>>> >
>>>>
>>>> ,
>>>> but I'm not seeing an upgrade to address it yet. Any idea when that will
>>>> happen?
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Doug
>>>>
>>>>
>>>>  Patch is there:
>>> http://people.freebsd.org/~rm/****python-CVE-2012-0845.diff.**txt<http://people.freebsd.org/~rm/**python-CVE-2012-0845.diff.txt>
>>> <http://people.freebsd.org/**~rm/python-CVE-2012-0845.diff.**txt<http://people.freebsd.org/~rm/python-CVE-2012-0845.diff.txt>
>>> >
>>>
>>
>>
>> Had this patch been committed into upstream? When I found it , it was in
>> review state.
>>
>> And CVE-2012-0845 too.
>>
>> wen
>>
>
> Yes, it is not yet committed, but comments looks promisingly :). And i
> can't reproduce this bug after patching, using procedure described in bug
> report.


Me too :)
I trust this patch too but I would like wait some time.

wen



>
>
> --
> Regards,
> Ruslan
>
> Tinderboxing kills... the drives.
>


More information about the freebsd-ports mailing list