pkg/28770: bogus p5-Tk vulnerability

To: pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, pkgsrc-bugs%netbsd.org@localhost
Subject: pkg/28770: bogus p5-Tk vulnerability
From: mlelstv%serpens.de@localhost
Date: Fri, 24 Dec 2004 08:36:01 +0000 (UTC)

>Number:         28770
>Category:       pkg
>Synopsis:       bogus p5-Tk vulnerability
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Dec 24 08:36:00 +0000 2004
>Originator:     Michael van Elst
>Release:        NetBSD 2.0
>Organization:
-- 
                                Michael van Elst
Internet: mlelstv%serpens.de@localhost
                                "A potential Snark may lurk in every tree."
>Environment:
        
        
System: NetBSD pepew 2.0 NetBSD 2.0 (PEPEW) #13: Mon Dec 20 08:39:51 CET 2004 
src@pepew:/sys/arch/i386/compile/PEPEW i386
Architecture: i386
Machine: i386
>Description:
p5-Tk appeared in the pkg-vulnerabilities list pointing to

 http://scary.beasts.org/security/CESA-2004-001.txt

This is a reference to a buffer overflow in libpng.

>How-To-Repeat:
>Fix:
Either there is no known vulnerability in p5-Tk and the entry
should be removed or the reference is wrong and should be
replaced with a correct one.


>Unformatted:

Prev by Date: pkg/28769: Some sed scripts depend on C locale.
Next by Date: Re: pkg/28766: mail/nail: IRIX also has /usr/lib/sendmail
Previous by Thread: pkg/28769: Some sed scripts depend on C locale.
Next by Thread: pkg/28771: dia / pygtk problem
Indexes:

Home | Main Index | Thread Index | Old Index