Hello,

I've updated my 2004Q4 via cvs today and when I tried to make a package
from multimedia/xine-lib I get the error:

=================
===> Checking for vulnerabilities in xine-lib-1rc6anb2
*** WARNING - remote-code-execution vulnerability in xine-lib-1rc6anb2 - see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1187 for more information ***
*** WARNING - remote-code-execution vulnerability in xine-lib-1rc6anb2 - see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1188 for more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
*** Error code 1

Stop.
make: stopped in /usr/pkgsrc/multimedia/xine-lib
*** Error code 1

Stop.
make: stopped in /usr/pkgsrc/multimedia/xine-lib
=================

I have audit-packages installed with pkg-vulnerabilities updated today.

What I should do?

Yours,

	Nuno Teixeira


On Sun, Feb 27, 2005 at 04:27:58PM +0100, Lubomir Sedlacik wrote:
> On Sun, Feb 27, 2005 at 02:35:39PM +0000, Nuno Teixeira wrote:
> > I'm trying to install kde meta-package and kdemultimedia fails to
> > install because it depends on xine-lib. xine-lib package doesn't exist
> > because it has security problems.
> > 
> > What should I do? Could I installl xine-lib package from 1.6.2 on my
> > 2.0 i386 system and then install kdemultimedia package?
> > 
> > I'm using 2004Q4 packages on 2.0 i386.
> 
> xine-lib security fixes were pulled up to the 2004Q4 branch, just build
> your own package using pkgsrc.
> 
> 
> regards,
> 
> -- 
> -- Lubomir Sedlacik <salo@{NetBSD,Xtrmntr,silcnet}.org>   --



-- 
SDF Public Access UNIX System - http://sdf.lonestar.org