Subject: Re: kdemultimedia pkg and xine-lib security problems
To: Lubomir Sedlacik <salo@Xtrmntr.org>
From: Nuno Teixeira <nu@nunotex.freeshell.org>
List: netbsd-users
Date: 02/27/2005 18:30:35
Hello,
I've updated my 2004Q4 via cvs today and when I tried to make a package
from multimedia/xine-lib I get the error:
=================
===> Checking for vulnerabilities in xine-lib-1rc6anb2
*** WARNING - remote-code-execution vulnerability in xine-lib-1rc6anb2 - see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1187 for more information ***
*** WARNING - remote-code-execution vulnerability in xine-lib-1rc6anb2 - see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1188 for more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
*** Error code 1
Stop.
make: stopped in /usr/pkgsrc/multimedia/xine-lib
*** Error code 1
Stop.
make: stopped in /usr/pkgsrc/multimedia/xine-lib
=================
I have audit-packages installed with pkg-vulnerabilities updated today.
What I should do?
Yours,
Nuno Teixeira
On Sun, Feb 27, 2005 at 04:27:58PM +0100, Lubomir Sedlacik wrote:
> On Sun, Feb 27, 2005 at 02:35:39PM +0000, Nuno Teixeira wrote:
> > I'm trying to install kde meta-package and kdemultimedia fails to
> > install because it depends on xine-lib. xine-lib package doesn't exist
> > because it has security problems.
> >
> > What should I do? Could I installl xine-lib package from 1.6.2 on my
> > 2.0 i386 system and then install kdemultimedia package?
> >
> > I'm using 2004Q4 packages on 2.0 i386.
>
> xine-lib security fixes were pulled up to the 2004Q4 branch, just build
> your own package using pkgsrc.
>
>
> regards,
>
> --
> -- Lubomir Sedlacik <salo@{NetBSD,Xtrmntr,silcnet}.org> --
--
SDF Public Access UNIX System - http://sdf.lonestar.org