tech-pkg: insecure kdelibs2 (and kdelibs2 and kdelibs-3 at same time?)

Subject: insecure kdelibs2 (and kdelibs2 and kdelibs-3 at same time?)
To: None <tech-pkg@netbsd.org>
From: Jeremy C. Reed <reed@reedmedia.net>
List: tech-pkg
Date: 06/06/2003 08:32:54

I want to install misc/kstars for my sons. But:

===> Required package kdelibs<3.0: NOT found
===> Verifying reinstall for ../../x11/kdelibs2
===> Checking for vulnerabilities in kdelibs-2.2.2nb5
*** WARNING - remote-code-execution vulnerability in kdelibs-2.2.2nb5 -
see http
://www.kde.org/info/security/advisory-20021220-1.txt for more information ***
*** WARNING - remote-code-execution vulnerability in kdelibs-2.2.2nb5 -
see http
://www.kde.org/info/security/advisory-20030409-1.txt for more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential


I already have kdelibs-3.1.2 installed for use with kmymoney2.


Is there anyway to have both installed at same time? (It seems like they
share the same PKGNAME without version.)

Is there anyway for it to be checked (that a kdelibs is already
install) before attempting building kdelibs2 so not to waste time?

And finally, has anyone looked at providing fixes for old kdelibs2?
(If not, maybe kdelibs2 should be removed.)

I should try kstars with newer kdelibs ...

   Jeremy C. Reed
   http://bsd.reedmedia.net/