Subject: pkg/28770: bogus p5-Tk vulnerability
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <mlelstv@serpens.de>
List: pkgsrc-bugs
Date: 12/24/2004 08:36:01
>Number:         28770
>Category:       pkg
>Synopsis:       bogus p5-Tk vulnerability
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Dec 24 08:36:00 +0000 2004
>Originator:     Michael van Elst
>Release:        NetBSD 2.0
>Organization:
-- 
                                Michael van Elst
Internet: mlelstv@serpens.de
                                "A potential Snark may lurk in every tree."
>Environment:
	
	
System: NetBSD pepew 2.0 NetBSD 2.0 (PEPEW) #13: Mon Dec 20 08:39:51 CET 2004 src@pepew:/sys/arch/i386/compile/PEPEW i386
Architecture: i386
Machine: i386
>Description:
p5-Tk appeared in the pkg-vulnerabilities list pointing to

 http://scary.beasts.org/security/CESA-2004-001.txt

This is a reference to a buffer overflow in libpng.

>How-To-Repeat:
>Fix:
Either there is no known vulnerability in p5-Tk and the entry
should be removed or the reference is wrong and should be
replaced with a correct one.


>Unformatted: