FreeBSD Port: open-vm-tools-11.0.1_3,2

[Kurt Buff - GSEC, GCIH]

Saw that, and would prefer not at this point, given that this VM is part of
my security infrastructure.

I can take any performance hit while waiting for the fix.

Kurt

On Mon, May 4, 2020 at 4:41 PM Dewayne Geraghty <
dewayne at heuristicsystems.com.au> wrote:

> Suggest that you add to make.conf
> DISABLE_VULNERABILITIES=yes
>
>
> On 5/05/2020 8:08 am, Kurt Buff - GSEC, GCIH wrote:
> >  All,
> >
> > Has been done?
> >
> > I just built a new machine on our VMware cluster and tried to install
> this
> > from ports on 12.1-RELEASE-p3 with an updated tree, and it complained
> about
> > a dependency:
> >
> > ===>  python27-2.7.17_1 has known vulnerabilities:
> > python27-2.7.17_1 is vulnerable:
> > Python -- Regular Expression DoS attack against client
> > CVE: CVE-2020-8492
> > WWW:
> >
> https://vuxml.FreeBSD.org/freebsd/a27b0bb6-84fc-11ea-b5b4-641c67a117d8.html
> >
> > Thanks,
> >
> > Kurt
> >
> > On Wed, Apr 29, 2020 at 2:11 PM Dutchman01 via freebsd-ports <
> > freebsd-ports at freebsd.org> wrote:
> >
> >> Hi, new maintenance release is out,
> >>
> >> this port could use an upstream release.
> >>
> >>
> >>
> >> Can you please upgrade the port?
> >>
> >>
> >>
> >> Ty , regards,
> >>
> >> dutchy
> >>
> >> _______________________________________________
> >> freebsd-ports at freebsd.org mailing list
> >> https://lists.freebsd.org/mailman/listinfo/freebsd-ports
> >> To unsubscribe, send any mail to "freebsd-ports-unsubscribe at freebsd.org
> "
> >>
> > _______________________________________________
> > freebsd-ports at freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-ports
> > To unsubscribe, send any mail to "freebsd-ports-unsubscribe at freebsd.org"
> >
>
> _______________________________________________
> freebsd-ports at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscribe at freebsd.org"
>