Update Python2 to 2.7.16

Description

pkg audit -F on 11.2-U4 reports:

python27-2.7.15 is vulnerable:
Python -- NULL pointer dereference vulnerability
CVE: CVE-2019-5010
WWW: https://vuxml.FreeBSD.org/freebsd/d74371d2-4fee-11e9-a5cd-1df8a848de3d.html

python36-3.6.5_1 is vulnerable:
Python -- NULL pointer dereference vulnerability
CVE: CVE-2019-5010
WWW: https://vuxml.FreeBSD.org/freebsd/d74371d2-4fee-11e9-a5cd-1df8a848de3d.html

py36-requests-2.18.4 is vulnerable:
www/py-requests -- Information disclosure vulnerability
WWW: https://vuxml.FreeBSD.org/freebsd/50ad9a9a-1e28-11e9-98d7-0050562a4d7b.html

py36-cryptography-2.1.4 is vulnerable:
py-cryptography -- tag forgery vulnerability
CVE: CVE-2018-10903
WWW: https://vuxml.FreeBSD.org/freebsd/9e2d0dcf-9926-11e8-a92d-0050562a4d7b.html

Not sure if these are easily exploitable in FreeNAS, but it would be comforting to have them fixed.

Problem/Justification

None

Impact

None


Activity

William Gryzbowski June 26, 2019 at 3:36 PM

It will be for 11.3. We don't like updating packages unnecessarily for the sake of stability for stable branches.

Sean McBride June 26, 2019 at 3:32 PM

That's good news! And of course it means it's not urgent priority, but don't you agree it should nevertheless be fixed eventually?

William Gryzbowski June 26, 2019 at 3:22 PM

They are not exploitable for FreeNAS

Sean McBride June 26, 2019 at 3:19 PM

Just updated to 11.2-U5. These 2 remain:

py36-requests-2.18.4 is vulnerable:
www/py-requests -- Information disclosure vulnerability
WWW: https://vuxml.FreeBSD.org/freebsd/50ad9a9a-1e28-11e9-98d7-0050562a4d7b.html

py36-cryptography-2.1.4 is vulnerable:
py-cryptography -- tag forgery vulnerability
CVE: CVE-2018-10903
WWW: https://vuxml.FreeBSD.org/freebsd/9e2d0dcf-9926-11e8-a92d-0050562a4d7b.html

Do you prefer to reopen this or shall I create a new ticket?

Complete

Created May 8, 2019 at 6:38 PM
Updated July 1, 2022 at 4:31 PM
Resolved June 24, 2019 at 1:39 PM