www/py-aiohttp vulnerabilities

Reply: Kurt Jaeger : "Re: www/py-aiohttp vulnerabilities"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Andrea Venturoli <ml_at_netfence.it>
Date: Wed, 23 Jun 2021 06:11:51 UTC

Hello.

pkg audit complains that
> py37-aiohttp-3.7.4.p0 (www/py-aiohttp) is vulnerable:
>   aiohttp -- open redirect vulnerability
>   CVE: CVE-2021-21330
>   WWW: https://vuxml.FreeBSD.org/freebsd/3000acee-c45d-11eb-904f-14dae9d5a9d2.html
> 
> 1 problem(s) found.

However, AFAICT following the link, this CVE was fixed in 3.7.4.
Is this version vulnerable or not?

Reading https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256219, IIUIC, 
looks like answer is no.
Is then something wrong with my audit database?

  bye & Thanks
	av.