pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [HEADSUP] Removing vulnerable packages



On Fri, Apr 01, 2011 at 10:33:04PM +0900, OBATA Akio wrote:
> On Fri, 01 Apr 2011 21:02:32 +0900, Thomas Klausner 
> <wiz%netbsd.org@localhost> wrote:
> >Oh no. Can we rename one of them?
> 
> Hmm, After some digging...
> www/ap-auth-mysql
>   From debian/copyright, it seemes that it is debianised (and folk?) of 
> following:
>   http://mod-auth-mysql.sourceforge.net/
> www/ap2-auth-mysql
>   upstream dead.
>   From CHANGES, it seems that following is successor (or folk) of it.
>   http://modauthmysql.sourceforge.net/

So the dead version has the security issue?
Then we can remove it and fix the pattern so it doesn't match the less
dead one :)

> Debian's
>   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=259987
> RedHat's
>   https://bugzilla.redhat.com/show_bug.cgi?id=492589
> 
> I'm not a bash user.
> I could reproduced some of them, but I cannot check all of them.

Debian closed their bug report in 2009, so if we update to the latest
1.3, we should be fine to. (I'm not gonna do the update.)
 Thomas


Home | Main Index | Thread Index | Old Index