pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: xdg-utils-1.0.2 (Re: [HEADSUP] Removing vulnerable packages

| From: Makoto Fujiwara <>
| Date: Tue, 05 Apr 2011 09:12:20 +0900
| Message-ID: <>

wiz> xdg-utils-1.0.2 [will not remove, but patches welcome]

mef> I have the patch to 1.1.0-rc1 prepared.
mef> (pkglint says Looks fine).

mef> (1) Shall I import it to wip for waiting rc1 removed, or
mef> (2) just send-pr or
mef> (3) extract the security patch and add to 1.0.2 ?

I have generated this patch.

I did not confirm patched version is vulnerable or not. 
I just picked up the diffs of following commit.

  2008-01-24 Kevin Krammer <>
      * Fixing security issue in xdg-email and xdg-open at replacing
        parameter in $BROWSER

Thank you,
Makoto Fujiwara

Home | Main Index | Thread Index | Old Index