Date: Tue, 14 Sep 2021 09:55:19 +1000 From: Kubilay Kocak <koobs@FreeBSD.org> To: lumiwa@dismail.de Cc: "python@FreeBSD.org" <python@FreeBSD.org>, Wen Heping <wen@FreeBSD.org> Subject: Re: python38-3.8.11 is vulnerable Message-ID: <97804325-5c6e-48a6-7e8d-82090734c359@FreeBSD.org> In-Reply-To: <20210912091711.6141a695@dismail.de> References: <20210912091711.6141a695@dismail.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/09/2021 11:17 pm, LuMiWa via python wrote: > Hi! > > I start using latest binary packages and my questuions if is better to > use ports for some port in this case for Pythong because ports as I > know I faster update for vulnerabilities. > > pkg audit -F > vulnxml file up-to-date > python38-3.8.11 is vulnerable: > Python -- multiple vulnerabilities > WWW: > https://vuxml.FreeBSD.org/freebsd/145ce848-1165-11ec-ac7e-08002789875b.html > > Thank you. > All Python language ports (lang/python*) bugfix and security updates should be committed to head and then merged to quarterly as part of the same task as a matter of course. The python38 update is being tracked here: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258195 Once committed/merged, the availability of updates packages is contingent on the package building infrastructure, which can take up to a few days to complete on average, if there are no other issues. ./koobs
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?97804325-5c6e-48a6-7e8d-82090734c359>