pkgsrc-Bugs archive
pkg/30744: incorrect package vulnerability entry for firefox
>Number: 30744
>Category: pkg
>Synopsis: bad firefox entries in pkg-vulnerabilities
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Jul 13 17:35:00 +0000 2005
>Originator: Steven M. Bellovin
>Release: NetBSD 3.99.7
>Organization:
Department of Computer Science, Columbia University
>Environment:
System: NetBSD berkshire.machshav.com 3.99.7 NetBSD 3.99.7 (BERKSHIRE) #1: Fri Jul 1 15:56:08 EDT 2005 smb%berkshire.machshav.com@localhost:/usr/BUILD/obj/sys/arch/i386/compile/BERKSHIRE i386
Architecture: i386
Machine: i386
>Description:
These two entries in pkg-vulnerabilities:
firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}-[0-9]* http-frame-spoof http://secunia.com/advisories/15601/
firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}-[0-9]* dialog-spoofing http://secunia.com/advisories/15489/
are wrong. The advisories themselves say to upgrade to 1.0.5,
but those entries object to 1.0.5.
>How-To-Repeat:
cd pkgsrc/www/firefox-bin && MOZILLA_USE_LINUX=y make install
>Fix:
Use ALLOW_VULNERABLE_PACKAGES=y
>Unformatted:
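
Added example (not part of the original report and not pkgsrc's own code): a simplified Python matcher showing why a `-[0-9]*` pattern flags every version, including 1.0.5, while an upper-bounded pattern stops flagging once the package is upgraded. The bounded entry, the dotted-numeric version comparison and all helper names are assumptions made for illustration.

```python
import fnmatch
import re

# First entry is quoted from the report; the second is a constructed,
# upper-bounded form assumed here for comparison.
REPORTED = ("firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}-[0-9]* http-frame-spoof "
            "http://secunia.com/advisories/15601/")
BOUNDED = ("firefox{,-bin,-gtk1,-gtk2,-gtk2-bin}<1.0.5 http-frame-spoof "
           "http://secunia.com/advisories/15601/")

def expand_braces(pattern):
    """Expand csh-style {a,b,c} alternation into a list of plain patterns."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    out = []
    for alt in m.group(1).split(","):
        out.extend(expand_braces(pattern[:m.start()] + alt + pattern[m.end():]))
    return out

def version_tuple(version):
    """Simplified: dotted numeric versions only (no nb/rc/alpha suffixes)."""
    return tuple(int(part) for part in version.split("."))

def matches(pattern, pkg):
    """True if the installed package 'name-version' matches the pattern."""
    name, _, version = pkg.rpartition("-")
    for alt in expand_braces(pattern):
        if "<" in alt:
            # Relational form: name must match and version must be below limit.
            base, limit = alt.split("<", 1)
            if name == base and version_tuple(version) < version_tuple(limit):
                return True
        elif fnmatch.fnmatchcase(pkg, alt):
            # Glob form: '-[0-9]*' accepts any version starting with a digit.
            return True
    return False

def audit(entry, pkg):
    """Return (type, url) if the entry flags pkg as vulnerable, else None."""
    pattern, vuln_type, url = entry.split()
    return (vuln_type, url) if matches(pattern, pkg) else None
```
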