Subject: Re: suse_x11 pkg fails due to vulnerability
To: Matthias Buelow <>
From: Steven M. Bellovin <>
List: netbsd-users
Date: 02/08/2005 07:55:51
In message <>, Matthias Buelow writes:
>Hi folks,
>when building suse_x11-7.3nb2 from pkgsrc (2004q4), required as a 
>dependency by sun-jdk14, I get the following when vulnerability checking 
>is enabled:
>===> Checking for vulnerabilities in suse_x11-7.3nb2
>*** WARNING - remote-code-execution vulnerability in suse_x11-7.3nb2 - 
>see for more 
>information ***
>or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
>*** Error code 1
>The issues with this package are from September last year already.  Will 
>they get resolved (and the package updated) in the forseeable future? 
>Or how are such vulnerabilities handled in the pkg system?  Thanks for 
>enlightening me.

Apparently, the best way forward is to upgrade to suse9.

		--Prof. Steven M. Bellovin,