Subject: Re: Removing KDE2?
To: Thomas Klausner <wiz@NetBSD.org>
From: Matthias Drochner <M.Drochner@fz-juelich.de>
List: tech-pkg
Date: 03/09/2004 21:38:36

wiz@NetBSD.org said:
> The vulnerability affects the kdelibs2 package... 

Perhaps we can patch around it...
(The original link describing the bug is dead.)
Otoh, the mere existence of a development library which might
allow building of insecure apps does not mean much. It is the
installation of a program which uses that lib as root or suid
that causes the risk.

> What do you suggest?

So I'd say: leave at least kdelibs2. Maybe more, if the problem
can be patched.

> it currently doesn't even install because of some kdmrc trouble

I've seen it in the buildlog report, but atm I don't even get so
far because I've messed up the x11 installation on my development
box. (which is an amd64 now - the new src/x11 stuff doesn't like
it yet)

best regards
Matthias