Subject: pkg/30744: incorrect package vulnerability entry for firefox
List: pkgsrc-bugs
Date: 07/13/2005 17:35:00
>Number:         30744
>Category:       pkg
>Synopsis:       bad firefox entries in pkg-vulnerabilities
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jul 13 17:35:00 +0000 2005
>Originator:     Steven M. Bellovin
>Release:        NetBSD 3.99.7
Department of Computer Science, Columbia University
System: NetBSD 3.99.7 NetBSD 3.99.7 (BERKSHIRE) #1: Fri Jul 1 15:56:08 EDT 2005 i386
Architecture: i386
Machine: i386
	These two entries in pkg-vulnerabilities:

	firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}-[0-9]*     http-frame-spoof
	firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}-[0-9]*     dialog-spoofing

	are wrong.  The advisories themselves say to upgrade to 1.0.5,
	but those entries object to 1.0.5.

	cd pkgsrc/www/firefox-bin && MOZILLA_USE_LINUX=y make install
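
The mismatch described in the report above, as an added example that is not part of the original report or of pkgsrc's own code: the `-[0-9]*` glob flags every version, 1.0.5 included, while a version-bounded pattern does not. The `<1.0.5` form, the package list, and the numeric-only version comparison are assumptions made for illustration.

```python
import fnmatch
import re

# Pattern from the report, plus an ASSUMED bounded form for comparison.
REPORTED = "firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}-[0-9]*"
BOUNDED = "firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}<1.0.5"  # assumption, not from the report

# Constructed sample of installed package names.
INSTALLED = ["firefox-1.0.4", "firefox-bin-1.0.5",
             "firefox-gtk2-bin-1.0.4", "thunderbird-1.0.2"]

def expand_braces(pattern):
    """Expand {a,b,c} alternation into a list of plain patterns."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    out = []
    for alt in m.group(1).split(","):
        out.extend(expand_braces(pattern[:m.start()] + alt + pattern[m.end():]))
    return out

def version_key(version):
    """Simplified ordering: dotted numeric versions only (no nb/rc suffixes)."""
    return tuple(int(part) for part in version.split("."))

def matches(pattern, pkg):
    """True if pkg (name-version) is covered by a glob or relational pattern."""
    for alt in expand_braces(pattern):
        rel = re.fullmatch(r"(.+?)(<=|>=|<|>)([0-9][0-9.]*)", alt)
        if rel:
            name, op, limit = rel.groups()
            base, _, ver = pkg.rpartition("-")
            if base != name:
                continue
            a, b = version_key(ver), version_key(limit)
            if {"<": a < b, "<=": a <= b, ">": a > b, ">=": a >= b}[op]:
                return True
        elif fnmatch.fnmatchcase(pkg, alt):
            return True
    return False

def flagged(pattern, pkgs=INSTALLED):
    """Packages from pkgs that the vulnerability pattern would report."""
    return [p for p in pkgs if matches(pattern, p)]

if __name__ == "__main__":
    print("reported pattern flags:", flagged(REPORTED))
    print("bounded pattern flags: ", flagged(BOUNDED))
```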