Subject: pkg/30042: Weird (wrong?) vulnerability message when building chat/zenicb
To: pkg-manager@netbsd.org, gnats-admin@netbsd.org
From: tls@rek.tjls.com
List: pkgsrc-bugs
Date: 04/23/2005 20:45:01
>Number:         30042
>Category:       pkg
>Synopsis:       Weird (wrong?) vulnerability message when building chat/zenicb
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Apr 23 20:45:00 +0000 2005
>Originator:     tls@rek.tjls.com
>Release:        NetBSD 2.0, pkgsrc-2005Q1 as of 2005-04-22
>Organization:
	The NetBSD Foundation
>Environment:
System: NetBSD rekusant 2.0 NetBSD 2.0 (REKUSANT) #5: Wed Feb 16 21:11:54 UTC 2005 root@ADMIN:/usr/src/sys/arch/i386/compile/REKUSANT i386
Architecture: i386
Machine: i386
>Description:
	Trying to rebuild package chat/zenicb with USE_XEMACS set gives
	extremely confusing messages about two vulnerabilities.  When I
	check the URLs given as the descriptions of the vulnerabilities,
	they seem to not be relevant.
>How-To-Repeat:

enola-gay# pwd
/usr/pkgsrc/chat/zenicb
enola-gay# make install
===> Checking for vulnerabilities in xemacs-nb2
*** WARNING - remote-user-shell vulnerability in xemacs-nb2 - see http://list-archive.xemacs.org/xemacs-announce/200102/msg00000.html for more information ***
*** WARNING - remote-code-execution vulnerability in xemacs-nb2 - see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100 for more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
*** Error code 1

Stop.
make: stopped in /usr/pkgsrc/chat/zenicb
*** Error code 1

>Fix: