Subject: pkg/29728: python23-pth listed as vulnerable for quite a while
From: John Kohl
List: pkgsrc-bugs
Date: 03/18/2005 02:52:01
>Number:         29728
>Category:       pkg
>Synopsis:       python23-pth listed as vulnerable for quite a while
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Mar 18 02:52:00 +0000 2005
>Originator:     John Kohl
>Release:        NetBSD 2.0
NetBSD Kernel Hackers `R` Us
System: NetBSD 2.0 NetBSD 2.0 (KOLVIR-$Revision: 1.57 $) #1: Mon Feb 21 13:58:26 EST 2005 i386
Architecture: i386
Machine: i386
I won't rebuild python23-pth since it claims to be subject to a

# make package
===> Checking for vulnerabilities in python23-pth-2.3.4nb3
*** WARNING - remote-code-execution vulnerability in python23-pth-2.3.4nb3 - see for more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
*** Error code 1

I'm suspicious, though, that it's really fixed by some other changes to
the python23 stuff, but I don't know enough about how the various python
packages are constructed to know whether it's really fixed.

cd /usr/pkgsrc/lang/python23-pth