Subject: pkg/33971: One addition/one revision needed to the pkg-vulnerabilities file
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org>
From: None <dhgutteridge@sympatico.ca>
List: pkgsrc-bugs
Date: 07/11/2006 01:55:00
>Number:         33971
>Category:       pkg
>Synopsis:       One addition/one revision needed to the pkg-vulnerabilities file
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Tue Jul 11 01:55:00 +0000 2006
>Originator:     David H. Gutteridge
>Release:        Mostly 3.0 these days
>Organization:
>Environment:
>Description:
Hello,

Two items for the pkg-vulnerabilities file:

(1) The vulnerability reported against dia:

dia-0.[0-9]*		arbitrary-code-execution	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2480

has been fixed in version 0.95-1, which has the following notation in its ChangeLog file:

        * plug-ins/wmf/wmf.cpp: Patch from Hans de Goede: Fix bug #342111,
        security vulnerabilities from string format errors.

(2) There's no reference to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2197

which affects wv2 before version 0.2.3.  (pkgsrc-current and 2006-Q2 have already been updated to reflect this latest version.)

Regards,

Dave

>How-To-Repeat:

>Fix: