- Reply: Kurt Jaeger : "Re: www/py-aiohttp vulnerabilities"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 23 Jun 2021 06:11:51 UTC
Hello. pkg audit complains that > py37-aiohttp-3.7.4.p0 (www/py-aiohttp) is vulnerable: > aiohttp -- open redirect vulnerability > CVE: CVE-2021-21330 > WWW: https://vuxml.FreeBSD.org/freebsd/3000acee-c45d-11eb-904f-14dae9d5a9d2.html > > 1 problem(s) found. However, AFAICT following the link, this CVE was fixed in 3.7.4. Is this version vulnerable or not? Reading https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256219, IIUIC, looks like answer is no. Is then something wrong with my audit database? bye & Thanks av.