pkg/29721: enscript has had security vulnerability for weeks

To: pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, pkgsrc-bugs%netbsd.org@localhost
Subject: pkg/29721: enscript has had security vulnerability for weeks
From: John Kohl <jtk%kolvir.arlington.ma.us@localhost>
Date: Thu, 17 Mar 2005 01:44:00 +0000 (UTC)

>Number:         29721
>Category:       pkg
>Synopsis:       enscript has had security vulnerability for weeks
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Mar 17 01:44:00 +0000 2005
>Originator:     John Kohl
>Release:        NetBSD 2.0
>Organization:
NetBSD Kernel Hackers `R` Us
>Environment:
        
        
System: NetBSD desktop.john.kohl.name 2.0 NetBSD 2.0 (KOLVIR-$Revision: 1.57 $) 
#1: Mon Feb 21 13:58:26 EST 2005 
jtk%kolvir.arlington.ma.us@localhost:/usr/users/jtk/sandbox/src/sys/arch/i386/compile/KOLVIR
 i386
Architecture: i386
Machine: i386
>Description:
        Package enscript-1.6.1nb2 has a remote-code-execution vulnerability, 
see http://www.securityfocus.org/advisories/7879

        No updates to this package in the ~month since this advisory
showed up.

>How-To-Repeat:
        try to build enscript.  Latest pkgsrc/print/enscript/Makefile
is: # $NetBSD: Makefile,v 1.26 2004/05/28 00:54:50 lukem Exp $
and generates enscript-1.6.1nb2.

>Fix:
        

>Unformatted:

Prev by Date: pkg/29718: www/libgtkhtml lacks databases/db4 buildlink3.mk
Next by Date: pkg/29722: make/gmake broken in latest pkgsrc?
Previous by Thread: pkg/29718: www/libgtkhtml lacks databases/db4 buildlink3.mk
Next by Thread: pkg/29722: make/gmake broken in latest pkgsrc?
Indexes:

Home | Main Index | Thread Index | Old Index