Re: [HEADSUP] Removing vulnerable packages

To: pkgsrc-users%NetBSD.org@localhost, tech-pkg%NetBSD.org@localhost
Subject: Re: [HEADSUP] Removing vulnerable packages
From: Thomas Klausner <wiz%NetBSD.org@localhost>
Date: Fri, 8 Apr 2011 13:20:09 +0200

Here's an update to my list of last week:

On Fri, Apr 01, 2011 at 11:47:30AM +0200, Thomas Klausner wrote:
> The packages listed below were marked as vulnerable on January 1, 2010
> and still marked as vulnerable on April 1, 2011, while having no version
> number updates (except for PKGREVISION bumps) in the meantime.[1]
> 
> Please speak up if you are currently using one of them.
> If you speak up, please think about providing patches to fix the
> security issues (though it's not a requirement).
> 
> I'll remove packages for which noone spoke up after the branch is cut,
> but at the earliest two weeks from now.
> This might also cause the removal of dependencies if the package
> contains a library or is a dependency for another reason.

For these packages noone has spoken up:

RealPlayerGold-10.0.9.809.20070726
acroread-4.05
acroread5-5.10
acroread7-7.0.9
adobe-flash-plugin-10.0.0.525
amaya-10.0.1
asp2php-0.76.17
aview-1.3.0.1
bugzilla-2.22.7
bugzilla-3.2.4
camlimages-2.2.0
cyrus-imapd-2.1.18
firefox-bin-flash-9.0.124
fwbuilder-2.0.12
fwbuilder21-2.1.19
gpsdrive-1.31
instiki-0.9.2
jakarta-tomcat4-4.1.30
jakarta-tomcat5-5.0.30
libxml-1.8.17
mailscanner-4.30.3.2
mgv-3.1.5
newt-0.51.6
ntop-1.1
quake3arena-1.32b
quake3server-1.32b
roundup-1.4.6
sarg-2.1
squidGuard-1.4
synce-dccm-0.9.1
tkman-2.2
trickle-1.06
tunapie-2.1.6
vlc08-0.8.6i
zope210-2.10.7
zope211-2.11.2
zope29-2.9.10
zope3-3.3.1


Spoken for:
acroread8-8.1.7
automake14-1.4.6
bash-completion-1.0
compat14-1.4.3
compat15-1.5.3
crossfire-server-1.11.0
gdb-6.2.1
kdegraphics-3.5.10
kdelibs-3.5.10
lmbench-2.11a
mutt-1.4.2.3
netbsd32_compat15-1.5.3
pdfjam-1.20
prelude-manager-0.9.15
suse32_freetype2-10.0
suse32_gtk2-10.0
suse32_libcups-10.0
suse32_openssl-10.0
suse_freetype2-10.0
suse_gtk2-10.0
suse_libcups-10.0
suse_openssl-10.0
userppp-001107
wxGTK-2.6.3
wxGTK24-2.4.2
xdg-utils-1.0.2
xemacs-21.5.27
xemacs-nox11-21.5.27
xentools3-3.1.4

Fixed:
ap22-auth-mysql-4.3.1
blender-2.49b
kadu-0.5.0
mpop-1.0.12
putty-0.6.20090906
snort-2.8.3.1
xmp-2.5.1

Incorrectly on the list:
ap22-auth-mysql-1.11.12
freetype-1.5

 Thomas

Follow-Ups:
- Re: [HEADSUP] Removing vulnerable packages
  - From: Ryo HAYASAKA
- Re: [HEADSUP] Removing vulnerable packages
  - From: David Holland
- Re: [HEADSUP] Removing vulnerable packages
  - From: Roger Brooks
- Re: [HEADSUP] Removing vulnerable packages
  - From: Stephen Borrill

References:
- [HEADSUP] Removing vulnerable packages
  - From: Thomas Klausner

Prev by Date: daily pkgsrc CVS update output
Next by Date: Re: [HEADSUP] Removing vulnerable packages
Previous by Thread: Re: [HEADSUP] Removing vulnerable packages
Next by Thread: Re: [HEADSUP] Removing vulnerable packages
Indexes:

Home | Main Index | Thread Index | Old Index