Re: python38-3.8.11 is vulnerable

From: Kubilay Kocak <koobs_at_FreeBSD.org>
Date: Tue, 14 Sep 2021 09:55:19 +1000
On 12/09/2021 11:17 pm, LuMiWa via python wrote:
> Hi!
> 
> I start using latest binary packages and my questuions if is better to
> use ports for some port in this case for Pythong because ports as I
> know I faster update for vulnerabilities.
> 
>   pkg audit -F
> vulnxml file up-to-date
> python38-3.8.11 is vulnerable:
>    Python -- multiple vulnerabilities
>    WWW:
>    https://vuxml.FreeBSD.org/freebsd/145ce848-1165-11ec-ac7e-08002789875b.html
> 
> Thank you.
> 

All Python language ports (lang/python*) bugfix and security updates 
should be committed to head and then merged to quarterly as part of the 
same task as a matter of course.

The python38 update is being tracked here:

   https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258195

Once committed/merged, the availability of updates packages is 
contingent on the package building infrastructure, which can take up to 
  a few days to complete on average, if there are no other issues.

./koobs
Received on Mon Sep 13 2021 - 23:55:19 UTC

Original text of this message