Subject: Re: lang/sun-j* security updates
To: None <tech-pkg@netbsd.org>
From: Geert Hendrickx <ghen@telenet.be>
List: tech-pkg
Date: 11/30/2005 11:56:19
On Wed, Nov 30, 2005 at 11:41:09AM +0100, Geert Hendrickx wrote:
> On Wed, Nov 30, 2005 at 11:07:00AM +0100, Geert Hendrickx wrote:
> > Is anyone upgrading the lang/sun-j*14 packages already?  (security update
> > 1.4.2.10 released today).  Otherwise /me volunteers.  
> 
> Here are the diffs.  The update is minimal, so the diffs are quite trivial.
> The most important is this one: 
> 
> --- pkg-vulnerabilities.orig	2005-11-30 11:35:31.000000000 +0100
> +++ pkg-vulnerabilities	2005-11-30 11:35:27.000000000 +0100
> @@ -1145,7 +1145,7 @@
>  gsharutils<4.2.1nb6	1119,privilege-escalation	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0990
>  mysql-server<3.23.59	1120,privilege-escalation	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0957
>  sun-{jre,jdk}15-*	1121,local-file-write	http://secunia.com/advisories/14902/
> -sun-{jre,jdk}14-*	1122,local-file-write	http://secunia.com/advisories/14902/
> +sun-{jre,jdk}14<2.10	1122,local-file-write	http://secunia.com/advisories/14902/
>  kdelibs-3.4.0{,nb1,nb2}	1123,buffer-overflow		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1046
>  kdelibs<3.3.2nb10	1124,buffer-overflow		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1046
>  gnome-vfs2-cdda-2.10.0	1125,remote-code-execution	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0706
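Review bot: the changed line for id 1122 narrows the match from "sun-{jre,jdk}14-*" to "sun-{jre,jdk}14<2.10" while keeping the advisory URL http://secunia.com/advisories/14902/, so packages at 2.10 and later would no longer be flagged for that advisory. Nothing in the hunk shows that 14902 is fixed in this release, and the adjacent sun-{jre,jdk}15-* entry for the same advisory stays open-ended. Suggest leaving entry 1122 as "-*" unless the vendor states that the issue is fixed, and recording whatever this release does fix as a separate entry with its own id and URL.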

My mistake; this update fixes _another_ vulnerability, so the correct
pkg-vulnerabilities diff is this one: 

--- pkg-vulnerabilities.orig	2005-11-30 11:54:11.000000000 +0100
+++ pkg-vulnerabilities	2005-11-30 11:54:09.000000000 +0100
@@ -1577,3 +1577,4 @@
 suse_gtk2<9.1nb4	1550,denial-of-service		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2975
 suse_gtk2<9.1nb4	1551,arbitrary-code-execution	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2976
 suse_gtk2<9.1nb4	1552,arbitrary-code-execution	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3186
+sun-{jre,jdk}14<2.10	1553,local-file-write   	http://secunia.com/advisories/17748/
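Review bot: the added line for id 1553 separates the type field from the URL with three spaces followed by a tab, whereas the three context lines above it use tabs only; suggest tabs only so the columns stay consistent. The type "local-file-write" is identical to the one on entry 1122 for advisory 14902, so it is worth confirming that it is the right classification for http://secunia.com/advisories/17748/ and was not simply carried over from the earlier diff.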

And vulnerability id. 1122 (Secunia #14902) remains unpatched.  

	Geert