Subject: suse_x11 pkg fails due to vulnerability
To: None <netbsd-users@netbsd.org>
From: Matthias Buelow <mkb@incubus.de>
List: netbsd-users
Date: 02/08/2005 13:51:06

Hi folks,

when building suse_x11-7.3nb2 from pkgsrc (2004q4), required as a 
dependency by sun-jdk14, I get the following when vulnerability checking 
is enabled:

===> Checking for vulnerabilities in suse_x11-7.3nb2
*** WARNING - remote-code-execution vulnerability in suse_x11-7.3nb2 - 
see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914 for more 
information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
*** Error code 1
Stop.

The issues with this package are from September last year already.  Will 
they get resolved (and the package updated) in the foreseeable future?
Or how are such vulnerabilities handled in the pkg system?  Thanks for 
enlightening me.

mkb.