Subject: pkg/30042: Weird (wrong?) vulnerability message when building chat/zenicb
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org>
From: None <tls@rek.tjls.com>
List: pkgsrc-bugs
Date: 04/23/2005 20:45:01
>Number: 30042
>Category: pkg
>Synopsis: Weird (wrong?) vulnerability message when building chat/zenicb
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Apr 23 20:45:00 +0000 2005
>Originator: tls@rek.tjls.com
>Release: NetBSD 2.0, pkgsrc-2005Q1 as of 2005-04-22
>Organization:
The NetBSD Foundation
>Environment:
System: NetBSD rekusant 2.0 NetBSD 2.0 (REKUSANT) #5: Wed Feb 16 21:11:54 UTC 2005 root@ADMIN:/usr/src/sys/arch/i386/compile/REKUSANT i386
Architecture: i386
Machine: i386
>Description:
Trying to rebuild package chat/zenicb with USE_XEMACS set gives
extremely confusing messages about two vulnerabilities. When I
check the URLs given as the descriptions of the vulnerabilities,
they seem to not be relevant.
>How-To-Repeat:
enola-gay# pwd
/usr/pkgsrc/chat/zenicb
enola-gay# make install
===> Checking for vulnerabilities in xemacs-nb2
*** WARNING - remote-user-shell vulnerability in xemacs-nb2 - see http://list-archive.xemacs.org/xemacs-announce/200102/msg00000.html for more information ***
*** WARNING - remote-code-execution vulnerability in xemacs-nb2 - see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100 for more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
*** Error code 1
Stop.
make: stopped in /usr/pkgsrc/chat/zenicb
*** Error code 1
>Fix: