Subject: Re: Pkg sources that have exploits and I'd like updated
To: Ryan La Riviere <firstname.lastname@example.org>
From: Thomas Klausner <email@example.com>
Date: 03/04/2003 17:38:48
On Tue, Mar 04, 2003 at 11:28:48AM -0500, Ryan La Riviere wrote:
> I have several packages that I run on my server that I'd like to be able to
> update to the latest versions but the source is not current (and I'm not
> adept at updating the packages to make them current). Additionally, the
> package's source are versions that have exploits.
> The following is the output from `audit-packages`:
> Package libmcrypt-2.4.22 has a remote-user-shell vulnerability, see
Noone did the update for this one yet, but ...
> Package openssl-0.9.6g has a weak-encryption vulnerability, see
openssl-0.9.6gnb1 is in pkgsrc.
> Package php-4.1.2 has a remote-code-execution vulnerability, see
php-4.2.3nb2 is in pkgsrc.
> Package sendmail-8.12.6nb1 has a remote-code-execution vulnerability, see
sendmail-8.12.8 is in pkgsrc.
Just get a newer pkgsrc (e.g. from anoncvs) and update.