Subject: pkg-vulnerabilities, vulnerable packages, Opera 9.23, README.htmls
To: None <>
From: Dennis den Brok <>
List: pkgsrc-users
Date: 08/21/2007 16:01:21
To sum it up in a single mail:

  * Opera 9.23 is out for quite a while and fixes one security issue wit=
h  =

JavaScript and a few stability issues, so I guess the package ought to b=
e  =

updated and the updates pulled up to -2007Q2, which doesn't seem to have=

9.22 yet, even (which already fixed security issues);
  * pkg-vulnerabilities doesn't list at least the security issue fixed b=
y  =

the release of Opera 9.23;
  * What I'm wondering about: Firefox has this long-standing  =

remote-information-exposure issue which prevents it from being built  =

without ALLOW_VULNERABLE=3Dyes; yet, there's a binary package available =
from  =

a directory different from packages/vulnerable, and the corresponding  =

README.html doesn't mention any vulnerabilities at all. I reckon this is=

to not confuse new users with such a popular package being not instantly=

available, but I haven't found anything about a change of policy regardi=
ng  =

that matter; ISTR that earlier, Firefox was being treated differently?
  * The links to dependencies in the README.htmls on the pkgsrc ftp-serv=
er  =

are long since broken. There's one "../" missing, for instance in  =

x11/9term/README.html, there's a link to  =
ml.  =

Note "x11/editors".

TIA for anything.

-- =

Dennis den Brok