Subject: pkg/28770: bogus p5-Tk vulnerability
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <mlelstv@serpens.de>
List: pkgsrc-bugs
Date: 12/24/2004 08:36:01
>Number: 28770
>Category: pkg
>Synopsis: bogus p5-Tk vulnerability
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Dec 24 08:36:00 +0000 2004
>Originator: Michael van Elst
>Release: NetBSD 2.0
>Organization:
--
Michael van Elst
Internet: mlelstv@serpens.de
"A potential Snark may lurk in every tree."
>Environment:
System: NetBSD pepew 2.0 NetBSD 2.0 (PEPEW) #13: Mon Dec 20 08:39:51 CET 2004 src@pepew:/sys/arch/i386/compile/PEPEW i386
Architecture: i386
Machine: i386
>Description:
p5-Tk appeared in the pkg-vulnerabilities list pointing to
http://scary.beasts.org/security/CESA-2004-001.txt
This is a reference to a buffer overflow in libpng.
>How-To-Repeat:
>Fix:
Either there is no known vulnerability in p5-Tk and the entry
should be removed or the reference is wrong and should be
replaced with a correct one.
>Unformatted: