Subject: pkg/11077: pkg-vulnerability handling should be improved?
To: None <gnats-bugs@gnats.netbsd.org>
From: None <itojun@itojun.org>
List: netbsd-bugs
Date: 09/25/2000 08:12:18
>Number:         11077
>Category:       pkg
>Synopsis:       pkg-vulnerability handling should be improved?
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Sep 25 08:18:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Jun-ichiro itojun Hagino
>Release:        1.5F
>Organization:
	itojun.org
>Environment:
System: NetBSD starfruit.itojun.org 1.5F NetBSD 1.5F (STARFRUIT) #165: Mon Sep 25 04:17:57 JST 2000 itojun@starfruit.itojun.org:/usr/home/itojun/NetBSD/src/sys/arch/i386/compile/STARFRUIT i386


>Description:
	when we have a vulnerability entry for a package, the following message is
	printed regardless of which version i'm installing.
	*** WARNING: Vulnerabilities in this package ***

	what "this package" means here is rather unclear to me.
	- did I install some binary that is vulnerable?
	- or, there were vulnerabilities in the past and the version
	  I'm using is okay?

	i'm using bsd.pkg.mk revision 1.579.
>How-To-Repeat:

# grep racoon ../../distfiles/vulnerabilities
racoon<20000923a        local-root-file-view    http://mail-index.netbsd.org/tech-net/2000/09/24/0000.html
# grep DISTNAME Makefile
DISTNAME=       racoon-20000923a
WRKSRC=         ${WRKDIR}/${DISTNAME}/racoon
# make install
===> Installing for racoon-20000923a
*** WARNING: Vulnerabilities in this package ***
racoon<20000923a        local-root-file-view    http://mail-index.netbsd.org/tech-net/2000/09/24/0000.html
/usr/bin/install -c -o root -g wheel -s -o bin -g bin -m 555 racoon /usr/pkg/sbin
/usr/bin/install -c -o root -g wheel -o bin -g bin -m 444 racoon.8 /usr/pkg/man/man8
/usr/bin/install -c -o root -g wheel -o bin -g bin -m 444 racoon.conf.5 /usr/pkg/man/man5
/bin/mkdir -p /usr/pkg/share/doc/racoon
for i in FAQ README.certificate; do  install -c -o root -g wheel -m 444 /usr/home/itojun/NetBSD/pkgsrc/security/racoon/work/racoon-20000923a/racoon/doc/$i /usr/pkg/share/doc/racoon;  done
/bin/mkdir -p /usr/pkg/share/examples/racoon
install -c -o root -g wheel -m 444 /usr/home/itojun/NetBSD/pkgsrc/security/racoon/work/racoon-20000923a/racoon/samples/racoon.conf.sample  /usr/pkg/share/examples/racoon
===> Registering installation for racoon-20000923a

>Fix:
	don't know.
>Release-Note:
>Audit-Trail:
>Unformatted:
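
The behaviour the report asks about, as an added example that is not part of the original report and is not pkgsrc code: the warning is produced only when the package version satisfies the entry's constraint, rather than whenever the package name appears in the file. The version ordering is a simplified assumption, and `racoon-20000922a` is a constructed older version used for contrast.

```python
import re

# Constructed sample in the three-column layout shown in the report:
# pattern, vulnerability type, reference URL.
VULNERABILITIES = """\
racoon<20000923a\tlocal-root-file-view\thttp://mail-index.netbsd.org/tech-net/2000/09/24/0000.html
"""

OPS = {"<": lambda c: c < 0, "<=": lambda c: c <= 0,
       ">": lambda c: c > 0, ">=": lambda c: c >= 0}

def version_key(version):
    """Split a version into tokens: digit runs as ints, letter runs as text.
    Simplified ordering for illustration, not the pkg tools' own rules."""
    tokens = re.findall(r"\d+|[A-Za-z]+", version)
    return [(0, int(t), "") if t.isdigit() else (1, 0, t) for t in tokens]

def compare(a, b):
    """Return -1, 0 or 1 for a < b, a == b, a > b."""
    ka, kb = version_key(a), version_key(b)
    return (ka > kb) - (ka < kb)

def parse_entry(line):
    """Return (name, op, version, vuln_type, url), or None for blank lines,
    comments and pattern forms this sketch does not handle."""
    fields = line.split()
    if len(fields) != 3 or line.lstrip().startswith("#"):
        return None
    m = re.fullmatch(r"([^<>=]+)(<=|>=|<|>)(\S+)", fields[0])
    if m is None:
        return None
    return (*m.groups(), fields[1], fields[2])

def matching_entries(pkgname, text=VULNERABILITIES):
    """Entries whose name matches and whose constraint the version satisfies."""
    name, _, version = pkgname.rpartition("-")
    hits = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry and entry[0] == name and OPS[entry[1]](compare(version, entry[2])):
            hits.append(entry)
    return hits

if __name__ == "__main__":
    for pkg in ("racoon-20000922a", "racoon-20000923a"):
        hits = matching_entries(pkg)
        print(pkg, "VULNERABLE" if hits else "no matching entry", hits)
```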