Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 4 May 2020 17:51:59 -0600
From:      "Kurt Buff - GSEC, GCIH" <kurt.buff@gmail.com>
To:        Josh Paetzel <jpaetzel@freebsd.org>
Cc:        Dutchman01 <dutchman01@quicknet.nl>, ports@freebsd.org
Subject:   Re: FreeBSD Port: open-vm-tools-11.0.1_3,2
Message-ID:  <CADy1Ce4GTT62%2B438YXpPfGUZ-hJrKwiH=ihW2VHV=i=3G4rTjA@mail.gmail.com>
In-Reply-To: <d308f49b-7d79-4af9-b546-16a4e6874aaf@www.fastmail.com>
References:  <000001d61e62$52544110$f6fcc330$@quicknet.nl> <CADy1Ce5s79X-YUPKW3RH4gtyJHc212FiHZdiob1vgdS7_nvuuw@mail.gmail.com> <d308f49b-7d79-4af9-b546-16a4e6874aaf@www.fastmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, May 4, 2020 at 4:46 PM Josh Paetzel <jpaetzel@freebsd.org> wrote:
> On Mon, May 4, 2020, at 5:08 PM, Kurt Buff - GSEC, GCIH wrote:
> >  All,
> >
> > Has been done?
> >
> > I just built a new machine on our VMware cluster and tried to install this
> > from ports on 12.1-RELEASE-p3 with an updated tree, and it complained about
> > a dependency:
> >
> > ===>  python27-2.7.17_1 has known vulnerabilities:
> > python27-2.7.17_1 is vulnerable:
> > Python -- Regular Expression DoS attack against client
> > CVE: CVE-2020-8492
> > WWW:
> > https://vuxml.FreeBSD.org/freebsd/a27b0bb6-84fc-11ea-b5b4-641c67a117d8.html
> >
> > Thanks,
> >
> > Kurt
>
> That doesn't have anything to do with an open-vm-tools version bump.
>
> The issue you are seeing is due to the fact that https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245776 hasn't been committed yet.
>
> --
>
> Thanks,
>
> Josh Paetzel

Got it. I'll keep an eye on that bug.

Thanks,

Kurt



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADy1Ce4GTT62%2B438YXpPfGUZ-hJrKwiH=ihW2VHV=i=3G4rTjA>