Subject: error in vulnerability list re: latest firefox
To: None <>
From: Anne Bennett <>
List: pkgsrc-users
Date: 07/28/2007 16:54:56
Hi, all.

I'm trying to install firefox ( from pkgsrc-current, but "make
fetch" complains about CVE-2006-2894, which I'm fairly sure was
addressed several versions ago.  I think that the problem is that
the entry in the vulnerability list needs to be updated.  There are
four lines that refer to the problem:

   firefox{,2}{,-bin,-gtk1}-[0-9]*	remote-information-exposure
   seamonkey{,-bin,-gtk1}-[0-9]*	remote-information-exposure
   mozilla{,-bin,-gtk2}-[0-9]*	remote-information-exposure
   netscape7-[0-9]*	remote-information-exposure

... but I'm pretty sure that firefox (formerly known as firefox2) and
seamonkey have had that fixed in the past few releases.

For now I'll work around with ALLOW_VULNERABLE_PACKAGES.

Anne Bennett.