Subject: pkg-vulnerabilities, vulnerable packages, Opera 9.23, README.htmls
To: None <>
From: Dennis den Brok <>
List: pkgsrc-users
Date: 08/21/2007 22:52:55
To sum it up in a single mail:

   * Opera 9.23 is out for quite a while and fixes one security issue wi=
JavaScript and a few stability issues, so I guess the package ought to b=
updated and the updates pulled up to -2007Q2, which doesn't seem to have=

9.22 yet, even (which already fixed security issues);
   * pkg-vulnerabilities doesn't list at least the security issue fixed =
the release of Opera 9.23;
   * What I'm wondering about: Firefox has this long-standing
remote-information-exposure issue which prevents it from being built
without ALLOW_VULNERABLE=3Dyes; yet, there's a binary package available =
a directory different from packages/vulnerable, and the corresponding
README.html doesn't mention any vulnerabilities at all. I reckon this is=

to not confuse new users with such a popular package being not instantly=

available, but I haven't found anything about a change of policy regardi=
that matter; ISTR that earlier, Firefox was being treated differently?
   * The links to dependencies in the README.htmls on the pkgsrc ftp-ser=
are long since broken. There's one "../" missing, for instance in
x11/9term/README.html, there's a link to
Note "x11/editors".

TIA for anything.

-- =

Dennis den Brok