netbsd-users: Re: suse_x11 pkg fails due to vulnerability

Subject: Re: suse_x11 pkg fails due to vulnerability
To: Matthias Buelow <mkb@incubus.de>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: netbsd-users
Date: 02/08/2005 13:00:52

In message <4208FD16.9020706@incubus.de>, Matthias Buelow writes:
>I wrote:
>
>> Setting SUSE_PREFER=9.1 in mk.conf seems to work.
>> 
>> (Google found 
>> http://mail-index.netbsd.org/pkgsrc-changes/2004/11/05/0025.html).
>.
>
>===> Checking for vulnerabilities in suse_x11-9.1
>*** WARNING - remote-code-execution vulnerability in suse_x11-9.1 - see 
>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914 for more 
>information ***
>or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
>*** Error code 1
>
>
>Hehe. Same problem, as it seems, as with 7.3.
>

You need 9.1nb1

		--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb