pkg/48903: pkg-vulnerabilities update for links & links-gui

[netbsd%i3enedek.neomailbox.net@localhost]

>Number:         48903
>Category:       pkg
>Synopsis:       pkg-vulnerabilities update for links & links-gui
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Fri Jun 13 02:35:00 +0000 2014
>Originator:     Ben Gergely
>Release:        current
>Organization:
>Environment:
NetBSD Spackintosh 6.99.43 NetBSD 6.99.43 (PISMO) #5: Fri Jun  6 02:23:03 UTC 
2014  root@Spackintosh:/usr/src/sys/arch/macppc/compile/PISMO macppc

>Description:
The vuln. listed in pkg-vul. is not specific to the versions affected:

vuln was fixed in version 2.6
>How-To-Repeat:

>Fix:
--- pkg-vulnerabilities.orig    2014-06-13 02:23:54.000000000 +0000
+++ pkg-vulnerabilities 2014-06-13 02:24:12.000000000 +0000
@@ -3683,7 +3683,7 @@
 xterm<238              remote-system-access    
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2383
 libaudiofile<0.2.6nb2  remote-system-access    
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5824
 audacity<1.2.6nb2      remote-system-access    
http://secunia.com/advisories/33356/
-links{,-gui}-[0-9]*    remote-spoofing         
http://secunia.com/advisories/33391/
+links{,-gui}<2.7       remote-spoofing         
http://secunia.com/advisories/33391/
 samba>=3.2.0<3.2.7     remote-security-bypass  
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0022
 openssl<0.9.8j         signature-spoofing      
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
 amarok<1.4.10nb1       remote-code-execution   
http://www.trapkit.de/advisories/TKADV2009-002.txt