tech-pkg: HEADS UP: cvs, racoon, xchat* vulnerabilities

Subject: HEADS UP: cvs, racoon, xchat* vulnerabilities
To: None <tech-pkg@NetBSD.org>
From: Thomas Klausner <wiz@NetBSD.org>
List: tech-pkg
Date: 04/16/2004 00:57:14

Hi!

Since ftp.netbsd.org is down, download-vulnerability-list
fails, so please note:
since 2004/04/09, the pkg-vulnerabilities file grew
by the following lines:

racoon<20040408a        weak-authentication     http://www.vuxml.org/freebsd/d8769838-8814-11d8-90d1-0020ed76ef5a.html
xchat<1.8.11nb7         remote-code-execution   http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html
xchat-2.0.[0-7]*        remote-code-execution   http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html
xchat-2.0.8             remote-code-execution   http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html
xchat-2.0.8nb1          remote-code-execution   http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html
xchat-gnome<1.8.11nb7           remote-code-execution   http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html
cvs<1.11.15             remote-file-write       http://ccvs.cvshome.org/servlets/NewsItemView?newsID=102

Please verify if your installed packages are vulnerable;
pkgsrc contains fixed versions for all of the above.

 Thomas