Subject: searching for pkg updates?
To: list Cobalt NetBSD <firstname.lastname@example.org>
From: Brian McEwen <email@example.com>
Date: 02/06/2007 17:38:25

I was going to try out samba, in part to see if I could replicate
Glyn's file copy issues, in part to see if my wife liked using it
instead of WinSCP for sftp.

However, it looks like the current version in pkgsrc has multiple
vulnerabilities, and I can't find a newer one for NetBSD. I tried
to check pkgsrc-wip, but I can't find it either, let alone figure out
if samba is undergoing renovation. (Wasn't there once a discussion
about reorganizing the ftp site so that it made a little more sense

I did look and realize that all of these are 2007 announcements, and
2 are from Feb 5. So it's recent. But how do/where would I find
something being worked on if it isn't in -current yet? There is a
3.0.24 samba out, I read.

BTW what is the digest-20050323 (below) about? I just updated
pkgsrc, via (in part):

    setenv CVSROOT anoncvs@anoncvs.NetBSD.org:/cvsroot
    cvs -q update -dP

Which should give me -current pkgsrc, per "tracking current" section
of the NetBSD website. Why do I have a reference to a 2005 digest?

=> Required installed package digest>=20010302: digest-20050323 found
===> Checking for vulnerabilities in samba-3.0.22nb3
ERROR: denial-of-service vulnerability in samba-3.0.22nb3 - see
http://samba.org/samba/security/CVE-2007-0452.html for more information
ERROR: solaris-buffer-overflow vulnerability in samba-3.0.22nb3 - see
http://samba.org/samba/security/CVE-2007-0453.html for more information
ERROR: vfs-format-string vulnerability in samba-3.0.22nb3 - see
http://samba.org/samba/security/CVE-2007-0454.html for more information
ERROR: Define ALLOW_VULNERABLE_PACKAGES if this package is absolutely
*** Error code 1