From nobody Tue Sep 14 07:31:21 2021 X-Original-To: python@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 328E717CFC33 for ; Tue, 14 Sep 2021 07:31:33 +0000 (UTC) (envelope-from lumiwa@dismail.de) Received: from mx1.dismail.de (mx1.dismail.de [78.46.223.134]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA512 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mx1.dismail.de", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4H7w5J4yszz3Jl8; Tue, 14 Sep 2021 07:31:32 +0000 (UTC) (envelope-from lumiwa@dismail.de) Received: from mx1.dismail.de (localhost [127.0.0.1]) by mx1.dismail.de (OpenSMTPD) with ESMTP id 50ed9bfd; Tue, 14 Sep 2021 09:31:25 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=date:from :to:cc:subject:message-id:in-reply-to:references:mime-version :content-type:content-transfer-encoding; s=20190914; bh=uPEGkyu+ tkjmp2sVM9Nh8f6vlzP6C9+7pGH74D8Ik5s=; b=rgK9RzaJ91JNHLkwH40WoFYf g7E81zHBHTdWhAXbPNytvh1IqBYdHn7UCsNw/I+dDmbEjd/2bGAd/hxlMDTVaSwq JZ2hYhhohiYS614n0yu+I6E0Iwvxglr8Ayah23GJdS+rtT4wA6kRoq7gxS2ISgul OZIksEVZoDOXxX3K9ywVtlW+yT/LGWlUuyWb21V7cngrvvZC7R93G67sIlM8KCp6 Dt7e0u6Ys5/tVnizFSxDNin1yM79a9jK6j5Ily5CAHPZharjYpbp3CWfrHfuVN1x wM4ZC0Pf+aqVQIm3h0AsHLopcJT0yAmrtxJIFRcM0iUn+M2EcuEaRjKb5530eg== Received: from smtp2.dismail.de ( [10.240.26.12]) by mx1.dismail.de (OpenSMTPD) with ESMTP id a360a973; Tue, 14 Sep 2021 09:31:25 +0200 (CEST) Received: from smtp2.dismail.de (localhost [127.0.0.1]) by smtp2.dismail.de (OpenSMTPD) with ESMTP id a68b921b; Tue, 14 Sep 2021 09:31:25 +0200 (CEST) Received: by dismail.de (OpenSMTPD) with ESMTPSA id 70915d4e (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Tue, 14 Sep 2021 09:31:24 +0200 (CEST) Date: Tue, 14 Sep 2021 03:31:21 -0400 To: Kubilay Kocak Cc: "python@FreeBSD.org" , Wen Heping Subject: Re: python38-3.8.11 is vulnerable Message-ID: <20210914033121.6372e3a2@dismail.de> In-Reply-To: <97804325-5c6e-48a6-7e8d-82090734c359@FreeBSD.org> References: <20210912091711.6141a695@dismail.de> <97804325-5c6e-48a6-7e8d-82090734c359@FreeBSD.org> X-Mailer: Claws Mail 3.18.0 (GTK+ 2.24.33; amd64-portbld-freebsd13.0) List-Id: FreeBSD-specific Python issues List-Archive: https://lists.freebsd.org/archives/freebsd-python List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-python@freebsd.org X-BeenThere: freebsd-python@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 4H7w5J4yszz3Jl8 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] Reply-To: lumiwa@dismail.de From: LuMiWa via python X-Original-From: LuMiWa X-ThisMailContainsUnwantedMimeParts: N On Tue, 14 Sep 2021 09:55:19 +1000 Kubilay Kocak wrote: > On 12/09/2021 11:17 pm, LuMiWa via python wrote: > > Hi! > >=20 > > I start using latest binary packages and my questuions if is better > > to use ports for some port in this case for Pythong because ports > > as I know I faster update for vulnerabilities. > >=20 > > pkg audit -F > > vulnxml file up-to-date > > python38-3.8.11 is vulnerable: > > Python -- multiple vulnerabilities > > WWW: > > https://vuxml.FreeBSD.org/freebsd/145ce848-1165-11ec-ac7e-0800278987= 5b.html > >=20 > > Thank you. > >=20 >=20 > All Python language ports (lang/python*) bugfix and security updates=20 > should be committed to head and then merged to quarterly as part of > the same task as a matter of course. >=20 > The python38 update is being tracked here: >=20 > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D258195 >=20 > Once committed/merged, the availability of updates packages is=20 > contingent on the package building infrastructure, which can take up > to a few days to complete on average, if there are no other issues. >=20 > ./koobs Thank you very much...I am new in the binaries world :) "Those who can make you believe absurdities can make you commit atrocities.=E2=80=9D Voltaire