Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 4 May 2020 17:29:53 -0600
From:      "Kurt Buff - GSEC, GCIH" <kurt.buff@gmail.com>
To:        Dewayne Geraghty <dewayne@heuristicsystems.com.au>
Cc:        ports@freebsd.org
Subject:   Re: FreeBSD Port: open-vm-tools-11.0.1_3,2
Message-ID:  <CADy1Ce5j2-q8b3=Say2sXv+smJp=Nst=c3K98d0_eMPNme5nDg@mail.gmail.com>
In-Reply-To: <b68b8398-4534-8628-d7d7-30dc2cb4116b@heuristicsystems.com.au>
References:  <000001d61e62$52544110$f6fcc330$@quicknet.nl> <CADy1Ce5s79X-YUPKW3RH4gtyJHc212FiHZdiob1vgdS7_nvuuw@mail.gmail.com> <b68b8398-4534-8628-d7d7-30dc2cb4116b@heuristicsystems.com.au>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Saw that, and would prefer not at this point, given that this VM is part of
my security infrastructure.

I can take any performance hit while waiting for the fix.

Kurt

On Mon, May 4, 2020 at 4:41 PM Dewayne Geraghty <
dewayne@heuristicsystems.com.au> wrote:

> Suggest that you add to make.conf
> DISABLE_VULNERABILITIES=yes
>
>
> On 5/05/2020 8:08 am, Kurt Buff - GSEC, GCIH wrote:
> >  All,
> >
> > Has been done?
> >
> > I just built a new machine on our VMware cluster and tried to install
> this
> > from ports on 12.1-RELEASE-p3 with an updated tree, and it complained
> about
> > a dependency:
> >
> > ===>  python27-2.7.17_1 has known vulnerabilities:
> > python27-2.7.17_1 is vulnerable:
> > Python -- Regular Expression DoS attack against client
> > CVE: CVE-2020-8492
> > WWW:
> >
> https://vuxml.FreeBSD.org/freebsd/a27b0bb6-84fc-11ea-b5b4-641c67a117d8.html
> >
> > Thanks,
> >
> > Kurt
> >
> > On Wed, Apr 29, 2020 at 2:11 PM Dutchman01 via freebsd-ports <
> > freebsd-ports@freebsd.org> wrote:
> >
> >> Hi, new maintenance release is out,
> >>
> >> this port could use an upstream release.
> >>
> >>
> >>
> >> Can you please upgrade the port?
> >>
> >>
> >>
> >> Ty , regards,
> >>
> >> dutchy
> >>
> >> _______________________________________________
> >> freebsd-ports@freebsd.org mailing list
> >> https://lists.freebsd.org/mailman/listinfo/freebsd-ports
> >> To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org
> "
> >>
> > _______________________________________________
> > freebsd-ports@freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-ports
> > To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org"
> >
>
> _______________________________________________
> freebsd-ports@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org"
>



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?CADy1Ce5j2-q8b3=Say2sXv+smJp=Nst=c3K98d0_eMPNme5nDg>