pkgsrc-2014Q3 security vulnerabilities in openssl and python34

To: pkgsrc-users%NetBSD.org@localhost
Subject: pkgsrc-2014Q3 security vulnerabilities in openssl and python34
From: "J. Lewis Muir" <jlmuir%imca-cat.org@localhost>
Date: Mon, 17 Nov 2014 10:35:07 -0600

Hello, pkgsrc Users.

The command "pkg_admin audit" is reporting the following vulnerabilities
for pkgsrc-2014Q3 packages installed on my machine (Darwin 13.4.0 / Mac
OS X Mavericks 10.9.5):

===
$ pkg_admin audit
Package openssl-1.0.1i has a multiple-vulnerabilities vulnerability, see https://www.openssl.org/news/secadv_20141015.txt
Package python34-3.4.1nb1 has a integer-overflow vulnerability, see http://bugs.python.org/issue22518
Package python34-3.4.1nb1 has a integer-overflow vulnerability, see http://bugs.python.org/issue22520
===

Would a developer be willing to commit fixes for these?  If not, would a
developer be willing to accept patches from me to fix these?

Thank you!

Lewis

Prev by Date: Re: pkgin failed to install
Next by Date: net/mtr: patch introducing inet6 option
Previous by Thread: pkgin failed to install
Next by Thread: net/mtr: patch introducing inet6 option
Indexes:

Home | Main Index | Thread Index | Old Index