pkgsrc-Bugs archive


pkg/41023: Outdated, and vulnerable, security/courier-authlib package in pkgsrc-current



>Number:         41023
>Category:       pkg
>Synopsis:       Outdated, and vulnerable, security/courier-authlib package in pkgsrc-current
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Mar 15 19:05:00 +0000 2009
>Originator:     Bug Hunting
>Release:        n/a
>Organization:
>Environment:
>Description:
The security/courier-authlib package in pkgsrc-CURRENT is outdated and
vulnerable, and should be updated as soon as possible.  It's been
like that for a while, now.
>How-To-Repeat:
With an up-to-date /usr/pkgsrc tree, do the following:

$ cd /usr/pkgsrc/security/courier-authlib/
$ make package-name | xargs /usr/pkg/sbin/pkg_admin audit-pkg
Package courier-authlib-0.61.0 has a sql-injection-attacks vulnerability, see 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2380
>Fix:
The security/courier-authlib package should be updated to a newer, patched
version.  As of the time of writing, the latest release is
0.62.2 (03-Feb-2009).  See <http://www.courier-mta.org/authlib/>.


