Re: xdg-utils-1.0.2 (Re: [HEADSUP] Removing vulnerable packages

To: pkgsrc-users%NetBSD.org@localhost
Subject: Re: xdg-utils-1.0.2 (Re: [HEADSUP] Removing vulnerable packages
From: Makoto Fujiwara <makoto%ki.nu@localhost>
Date: Tue, 05 Apr 2011 11:35:59 +0900

| From: Makoto Fujiwara <makoto%ki.nu@localhost>
| Date: Tue, 05 Apr 2011 09:12:20 +0900
| Message-ID: <yfm7hb95zff.wl%makoto%ki.nu@localhost>

wiz> xdg-utils-1.0.2 [will not remove, but patches welcome]

mef> I have the patch to 1.1.0-rc1 prepared.
mef> http://www.ki.nu/~makoto/pkgsrc/misc/xdg-utils-1.0.2
mef> (pkglint says Looks fine).

mef> (1) Shall I import it to wip for waiting rc1 removed, or
mef> (2) just send-pr or
mef> (3) extract the security patch and add to 1.0.2 ?

I have generated this patch.
    http://www.ki.nu/~makoto/pkgsrc/misc/xdg-utils-1.0.2nb1

I did not confirm patched version is vulnerable or not. 
I just picked up the diffs of following commit.

  2008-01-24 Kevin Krammer <kevin.krammer%gmx.at@localhost>
      * Fixing security issue in xdg-email and xdg-open at replacing
        parameter in $BROWSER

Thank you,
---
Makoto Fujiwara
mef%NetBSD.org@localhost

Follow-Ups:
- Re: xdg-utils-1.0.2 (Re: [HEADSUP] Removing vulnerable packages
  - From: Thomas Klausner

References:
- [HEADSUP] Removing vulnerable packages
  - From: Thomas Klausner
- xdg-utils-1.0.2 (Re: [HEADSUP] Removing vulnerable packages
  - From: Makoto Fujiwara

Prev by Date: Re: xdg-utils-1.0.2 (Re: [HEADSUP] Removing vulnerable packages
Next by Date: Re: xdg-utils-1.0.2 (Re: [HEADSUP] Removing vulnerable packages
Previous by Thread: Re: xdg-utils-1.0.2 (Re: [HEADSUP] Removing vulnerable packages
Next by Thread: Re: xdg-utils-1.0.2 (Re: [HEADSUP] Removing vulnerable packages
Indexes:

Home | Main Index | Thread Index | Old Index