# python38-3 vulnerability detected by the system !



## teo (May 20, 2021)

$  pkg audit -F
vulnxml file up-to-date
python38-3.8.9 is vulnerable:
  Python -- multiple vulnerabilities
  WWW: https://vuxml.FreeBSD.org/freebsd/bffa40db-ad50-11eb-86b8-080027846a02.html

1 problem(s) in 1 installed package(s) found.
$


----------



## Deleted member 30996 (May 20, 2021)

No hay problema:


```
root@bakemono:/ # portsnap fetch update
Looking up portsnap.FreeBSD.org mirrors... 4 mirrors found.
Fetching snapshot tag from ipv4.aws.portsnap.freebsd.org... done.
Latest snapshot on server matches what we already have.
No updates needed.
Ports tree is already up to date.
root@bakemono:/ # pkg audit -F
vulnxml file up-to-date
0 problem(s) in 0 installed package(s) found.
root@bakemono:/ # freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 2 mirrors found.
Fetching metadata signature for 12.2-RELEASE from update2.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 12.2-RELEASE-p6.
root@bakemono:/ #
```


----------



## teo (May 20, 2021)

Trihexagonal said:


> No hay problema:
> 
> 
> ```
> ...




You are using the older version of FreeBSD12.2, I am on the latest version.

$ `uname -a`

```
FreeBSD freeb.net 13.0-RELEASE FreeBSD 13.0-RELEASE #0 releng/13.0-n244733-ea31abc261f: Fri Apr  9 04:24:09 UTC 2021     root@releng1.nyi.freebsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC  amd64
 $
```


----------



## richardtoohey2 (May 20, 2021)

3.8.10 was in ports a few days ago: https://www.freshports.org/lang/python38/

Maybe it's not in packages yet?


----------



## Deleted member 30996 (May 20, 2021)

teo said:


> You are using the older version of FreeBSD12.2, I am on the latest version.


Thanks for letting us know. People usually do that in the OP.

It doesn't matter anyway. That vulnerability was issued 5-5-21 and is in the Python port/pkg. You would be affected if you have it installed on FreeBSD 12.2 or FreeBSD 13.

This machine running FreeBSD 12.2-RELEASE-p6 shows a current vulnerability in Python 39.3.9.4, which that advisory also addresses, but the one above still shows the same output as before. Both were checked at the same time just before posting this:

jigoku is Japanese for Hell:

```
root@jigoku:/ # portsnap fetch update
Looking up portsnap.FreeBSD.org mirrors... 4 mirrors found.
Fetching snapshot tag from ipv4.aws.portsnap.freebsd.org... done.
Latest snapshot on server matches what we already have.
No updates needed.
Ports tree is already up to date.
root@jigoku:/ # pkg audit -F
vulnxml file up-to-date
python39-3.9.4 is vulnerable:
  Python -- multiple vulnerabilities
  WWW: https://vuxml.FreeBSD.org/freebsd/bffa40db-ad50-11eb-86b8-080027846a02.html

1 problem(s) in 1 installed package(s) found.
root@jigoku:/ # freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 2 mirrors found.
Fetching metadata signature for 12.2-RELEASE from update2.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 12.2-RELEASE-p6.
root@jigoku:/ #
```

bakemono is Japanese for shapeshifter. Another word for obake:

```
root@bakemono:/ # portsnap fetch update
Looking up portsnap.FreeBSD.org mirrors... 4 mirrors found.
Fetching snapshot tag from ipv4.aws.portsnap.freebsd.org... done.
Latest snapshot on server matches what we already have.
No updates needed.
Ports tree is already up to date.
root@bakemono:/ # pkg audit -F
vulnxml file up-to-date
0 problem(s) in 0 installed package(s) found.
root@bakemono:/ # freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 2 mirrors found.
Fetching metadata signature for 12.2-RELEASE from update2.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 12.2-RELEASE-p6.
root@bakemono:/ #
```

When obake is finished compiling ports I'll take the Opolar gaming fan off it, put it on this one and fix it, too. 
I just wanted to post a screenshot of it.


----------

