Re: [HEADSUP] Removing vulnerable packages

To: pkgsrc-users%netbsd.org@localhost
Subject: Re: [HEADSUP] Removing vulnerable packages
From: "OBATA Akio" <obache%netbsd.org@localhost>
Date: Fri, 01 Apr 2011 20:37:53 +0900

On Fri, 01 Apr 2011 18:47:30 +0900, Thomas Klausner <wiz%netbsd.org@localhost> 
wrote:

ap22-auth-mysql-1.11.12
ap22-auth-mysql-4.3.1


PKGNAME conflicts.
CVE-2008-2384 is for www/ap-auth-mysql (ap22-auth-mysql-4.3.1).

bash-completion-1.0


Just not confirmed fixed.
I've confirmed vulnerabilities with old code-base version 
(bash-completion-20060301),
but switched to Debian's one.

putty-0.6.20090906


As I already noticed at import time, PKGVERSION of security/putty-devel should 
be changed,
something like 0.60{alpha,beta,pre}20090906, or it is very old version than 
security/putty.
http://mail-index.netbsd.org/pkgsrc-changes/2009/09/08/msg029512.html

--
OBATA Akio / obache%NetBSD.org@localhost

Follow-Ups:
- Re: [HEADSUP] Removing vulnerable packages
  - From: Thomas Klausner

References:
- [HEADSUP] Removing vulnerable packages
  - From: Thomas Klausner

Prev by Date: Re: [HEADSUP] Removing vulnerable packages
Next by Date: Re: [HEADSUP] Removing vulnerable packages
Previous by Thread: Re: [HEADSUP] Removing vulnerable packages
Next by Thread: Re: [HEADSUP] Removing vulnerable packages
Indexes:

Home | Main Index | Thread Index | Old Index