pkgsrc-Bugs archive


pkg/29728: python23-pth listed as vulnerable for quite a while



>Number:         29728
>Category:       pkg
>Synopsis:       python23-pth listed as vulnerable for quite a while
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Mar 18 02:52:00 +0000 2005
>Originator:     John Kohl
>Release:        NetBSD 2.0
>Organization:
NetBSD Kernel Hackers `R` Us
>Environment:
        
        
System: NetBSD desktop.john.kohl.name 2.0 NetBSD 2.0 (KOLVIR-$Revision: 1.57 $) 
#1: Mon Feb 21 13:58:26 EST 2005 
jtk%kolvir.arlington.ma.us@localhost:/usr/users/jtk/sandbox/src/sys/arch/i386/compile/KOLVIR
 i386
Architecture: i386
Machine: i386
>Description:
I won't rebuild python23-pth since it claims to be subject to a
vulnerability:

# make package
===> Checking for vulnerabilities in python23-pth-2.3.4nb3
*** WARNING - remote-code-execution vulnerability in python23-pth-2.3.4nb3 - 
see http://www.python.org/security/PSF-2005-001/ for more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
*** Error code 1

I'm suspicious, though, that it's really fixed by some other changes to
the python23 stuff, but I don't know enough about how the various python
packages are constructed to know whether it's really fixed.

>How-To-Repeat:
cd /usr/pkgsrc/lang/python23-pth
make

>Fix:
        

>Unformatted:
        
        


