Hello all, I was having difficulty updating python33 today, even though the vulnerability to python 3.3.3_2 (CVE-2014-1912) was patched. After verifying with Freshports python 3.3.3_3 was correct, I used
*portmaster -m DISABLE_VULNERABILITIES=yes python33* to update the port. However, pkg audit is still complaining the port is vulnerable: *root@riotskates:/ # pkg auditpython33-3.3.3_3 is vulnerable:Python -- buffer overflow in socket.recvfrom_into()CVE: CVE-2014-1912WWW: http://portaudit.FreeBSD.org/8e5e6d42-a0fa-11e3-b09a-080027f2d077.html <http://portaudit.FreeBSD.org/8e5e6d42-a0fa-11e3-b09a-080027f2d077.html>1 problem(s) in the installed packages found.* I'm not familiar with inconsistencies found between the ports tree (which is obviously correct) and portaudit.FreeBSD.org (I've actually never seen this problem before). Is there something I need to update to fix this on my machine or will this be caught upstream sometime later on? N.B. BTW I updated python27 with no problems at all. Thank you for your time, Jeremy _______________________________________________ freebsd-python@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-python To unsubscribe, send any mail to "freebsd-python-unsubscr...@freebsd.org"
