Edgar Rodolfo <rodolfobsd%gmail.com@localhost> writes:

> Then I put in /usr/pkgsrc/mk/default/mk.conf
> ALLOW_VULNERABLE_PACKAGES= yes
> is a risk it?, if I don't put it I can't use squid and other packages
> :(, currently I am using my small server (squid and dns and other)

Basically the situation is:

  almost all software has vulnerabilities

  some of those are known

  some of the known ones are known publicly

  some of the publicly known ones are listed in pkg-vulnerabilities

  pkgsrc, by default, will not build (and perhaps not install) packages
  which have a vulnerability listed in pkg-vulnerabilities

  if you set ALLOW_VULNERABLE_PACKAGES=yes, then the check/stop for
  packages in pkg-vulnerabilities is skipped.

So "is it a risk" is a question about your particular situation and the
particular programs you are running, and there is no general answer.

Your choices are:

  1) figure out how to stop using php and squid

  2) install the new version anyway (perhaps figuring that replacing an
     older version with a newer version is not incrementally worse,
     usually)

  3) go read the advisory and figure out if there's a new version and/or
     a patch, and install that. Optionally send a patch to the package
     to help others out

  4) turn off your computer until someone else does (3)
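The check described in the message above, modelled as an added example that is not part of the original message and is not pkgsrc's own code. The function names, the sample entries and the advisory URLs are constructed, and version comparison is simplified to dotted numbers.

```python
import re

# Constructed sample in the three-column layout used by pkg-vulnerabilities
# (package pattern, vulnerability type, advisory URL). Not real entries.
SAMPLE = """\
# package pattern      type                   URL
examplepkg<2.6.5       denial-of-service      https://advisory.example/EX-1
otherpkg>=5.0<5.2.3    remote-code-execution  https://advisory.example/EX-2
"""

OPS = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
       ">": lambda a, b: a > b, ">=": lambda a, b: a >= b}

def vkey(version):
    # Assumption: plain dotted numeric versions only. Real pkgsrc ordering
    # also understands suffixes such as "nb1", "rc" and letters.
    return tuple(int(n) for n in re.findall(r"\d+", version))

def parse(text):
    """Return (name, [(op, version), ...], type, url) per non-comment line."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        pattern, vtype, url = line.split(None, 2)
        m = re.match(r"([^<>=]+)((?:[<>]=?[^<>=]+)+)$", pattern)
        if m is None:
            continue  # pattern form outside this simplified model
        limits = re.findall(r"([<>]=?)([^<>=]+)", m.group(2))
        entries.append((m.group(1), limits, vtype, url.strip()))
    return entries

def listed(name, version, entries):
    """Entries whose pattern covers this exact package version."""
    return [e for e in entries if e[0] == name
            and all(OPS[op](vkey(version), vkey(v)) for op, v in e[1])]

def check(name, version, entries, allow_vulnerable=False):
    """Model of the default stop and of ALLOW_VULNERABLE_PACKAGES=yes."""
    hits = listed(name, version, entries)
    if hits and not allow_vulnerable:
        return "stop", hits
    return "build", hits  # the override skips the stop, not the listing

if __name__ == "__main__":
    db = parse(SAMPLE)
    for allow in (False, True):
        action, hits = check("examplepkg", "2.6.4", db, allow)
        print(allow, action, [(h[2], h[3]) for h in hits])
```

With the override set, the package still matches its entry, so the advisory URL in the third column is the starting point for choice (3).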