pkgsrc-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
pkg/30900: pullup mozilla 1.7.10 to pkgsrc-2005Q2?
>Number: 30900
>Category: pkg
>Synopsis: pullup mozilla 1.7.10 to pkgsrc-2005Q2?
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Wed Aug 03 09:59:00 +0000 2005
>Originator: Geert Hendrickx
>Release:
>Organization:
>Environment:
>Description:
The pkgsrc-2005Q2 version of mozilla & mozilla-gtk2 is marked vulnerable:
Package mozilla-gtk2-1.7.8 has a http-frame-spoof vulnerability, see
http://secunia.com/advisories/15601/
Package mozilla-gtk2-1.7.8 has a dialog-spoofing vulnerability, see
http://secunia.com/advisories/15489/
The version in pkgsrc-HEAD (1.7.10) is fixed, so shouldn't this update be
pulled up to pkgsrc-2005Q2?
>How-To-Repeat:
>Fix:
Updates to be pulled up are:
in www/mozilla:
Makefile 1.146
PLIST 1.17
buildlink3.mk 1.12
in www/mozilla-gtk2:
Makefile 1.24
PLIST 1.7
buildlink3.mk 1.10
All these apply directly to the pkgsrc-2005Q2 version.
Home |
Main Index |
Thread Index |
Old Index