pkgsrc-Bugs archive


pkg/33971: One addition/one revision needed to the pkg-vulnerabilities file



>Number:         33971
>Category:       pkg
>Synopsis:       One addition/one revision needed to the pkg-vulnerabilities file
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Tue Jul 11 01:55:00 +0000 2006
>Originator:     David H. Gutteridge
>Release:        Mostly 3.0 these days
>Organization:
>Environment:
>Description:
Hello,

Two items for the pkg-vulnerabilities file:

(1) The vulnerability reported against dia:

dia-0.[0-9]*            arbitrary-code-execution        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2480

has been fixed in version 0.95-1, which has the following notation in its 
ChangeLog file:

       * plug-ins/wmf/wmf.cpp: Patch from Hans de Goede: Fix bug #342111,
        security vulnerabilities from string format errors.

(2) There's no reference to 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2197

which affects wv2 before version 0.2.3.  (pkgsrc-current and 2006-Q2 have 
already been updated to reflect this latest version.)

Regards,

Dave

>How-To-Repeat:

>Fix:



