Subject: pkg/28770: bogus p5-Tk vulnerability
To: None <,,>
From: None <>
List: pkgsrc-bugs
Date: 12/24/2004 08:36:01
>Number:         28770
>Category:       pkg
>Synopsis:       bogus p5-Tk vulnerability
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Dec 24 08:36:00 +0000 2004
>Originator:     Michael van Elst
>Release:        NetBSD 2.0
                                Michael van Elst
                                "A potential Snark may lurk in every tree."
System: NetBSD pepew 2.0 NetBSD 2.0 (PEPEW) #13: Mon Dec 20 08:39:51 CET 2004 src@pepew:/sys/arch/i386/compile/PEPEW i386
Architecture: i386
Machine: i386
p5-Tk appeared in the pkg-vulnerabilities list pointing to

This is a reference to a buffer overflow in libpng.

Either there is no known vulnerability in p5-Tk and the entry
should be removed or the reference is wrong and should be
replaced with a correct one.