Heya is it meant to not remove the old vulnerable entry when I update????
09/06/2021, 5:52 PM
could it be that both versions are still available?
09/07/2021, 3:12 PM
Not at all, just v3.4.8 is installed which is not even showing in that list at all, but when I list python packaes it is there I will show you the list of python packages. Also it is doing it with httplib2
Here is output of installed packages from pip (I updated to 3.3 and then 3.4.8 those days ago and still it doesn't say 3.4.8 is installed and lists the two vulnerable versions that are not)
At least it shows the current version of httplib2 as well
This is the dir that the packages get installed to.
On a completely different host, it sees the 3.4.8 version but still lists the non existant 2.8 vulnerable version