www/py-aiohttp vulnerabilities

From: Andrea Venturoli <ml_at_netfence.it>
Date: Wed, 23 Jun 2021 08:11:51 +0200
Hello.

pkg audit complains that
> py37-aiohttp-3.7.4.p0 (www/py-aiohttp) is vulnerable:
>   aiohttp -- open redirect vulnerability
>   CVE: CVE-2021-21330
>   WWW: https://vuxml.FreeBSD.org/freebsd/3000acee-c45d-11eb-904f-14dae9d5a9d2.html
> 
> 1 problem(s) found.

However, AFAICT following the link, this CVE was fixed in 3.7.4.
Is this version vulnerable or not?

Reading https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256219, IIUIC, 
looks like answer is no.
Is then something wrong with my audit database?

  bye & Thanks
	av.
Received on Wed Jun 23 2021 - 06:11:51 UTC

Original text of this message