pkg/39922: IGNORE_URLS has no effect

To: pkg-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,pkgsrc-bugs%netbsd.org@localhost
Subject: pkg/39922: IGNORE_URLS has no effect
From: hramrach%centrum.cz@localhost
Date: Fri, 14 Nov 2008 15:20:00 +0000 (UTC)

>Number:         39922
>Category:       pkg
>Synopsis:       IGNORE_URLS has no effect
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Nov 14 15:20:00 +0000 2008
>Originator:     Michal Suchanek
>Release:        5BETA
>Organization:
CUNI
>Environment:
NetBSD  5.99.01 NetBSD 5.99.01 (miniMac) #0: Tue Nov 11 14:29:32 CET 2008  
root@:/home/hramrach/src/sys/arch/i386/compile/miniMac i386
>Description:
Package vim-share-7.2.40 has a remote-information-exposure vulnerability, see: 
http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html
ERROR: Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URLS in 
audit-packages.conf(5) if this package is absolutely essential.


Setting IGNORE_URLS affects audit_packages but does not allow installing the 
package.
>How-To-Repeat:
Try to install a vulnerable package.

Adding the vulnerability url into IGNORE_URLS in /etc/audit-packages.conf has 
no effect.
>Fix:

Prev by Date: pkg/39921: perl from pkgsrc does not support locale
Next by Date: PR/39778 CVS commit: pkgsrc/editors/emacs
Previous by Thread: pkg/39921: perl from pkgsrc does not support locale
Next by Thread: Re: pkg/39922: IGNORE_URLS has no effect
Indexes:

Home | Main Index | Thread Index | Old Index