pkgsrc-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re[2]: pkg/41305: pkg_admin fetch-pkg-vulnerabilities did not work
Hello Jeremy
> The following reply was made to PR pkg/41305; it has been noted by GNATS.
> From: "Jeremy C. Reed" <reed%reedmedia.net@localhost>
> To: gnats-bugs%NetBSD.org@localhost
> Cc: pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost,
> pkgsrc-bugs%netbsd.org@localhost
> Subject: Re: pkg/41305: pkg_admin fetch-pkg-vulnerabilities did not work
> Date: Wed, 29 Apr 2009 12:11:03 -0500 (CDT)
>> If i use
>> pkg_admin fetch-pkg-vulnerabilities
>>
>> i got
>> usage: pkg_admin [-bqSV] [-d lsdir] [-K pkg_dbdir] [-s sfx] command args ...
>> Where 'commands' and 'args' are:
>> ......an so on
>
> I assume you are using pkg_admin from NetBSD 4.0.1.
>
> if you want newer pkg_admin use pkgsrc/pkgtools/pkg_install and change
> your executable PATH or use full path to new pkg_admin.
>
> (But man would still show old version....)
>
> Or use old audit-packages and download-vulnerability-list -- but the
> package was removed. (I don't know why the package was removed when NetBSD
> releases don't have it.)
I installed from pkgsrc/pkgtools/pkg_install.
But, you are right.
If i use /usr/pkg/sbin/php_admin -V
i got now
20090406
(See also my answer to Joergs post)
If i use
/usr/pkg/sbin/php_admin fetch-pkg-vulnerabilities
there is no output
and
/usr/pkg/sbin/php_admin audit
gives
Package mutt-1.4.2.3nb2 has a signature-spoofing vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1268
Package ap22-perl-2.0.4nb2 has a cross-site-scripting vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0796
Package ghostscript-8.64nb2 has a arbitrary-code-execution vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792
So it seems, it is working correct this way.
Thank you for assistance
Best regards
Reinhold
--
Reinhold
Home |
Main Index |
Thread Index |
Old Index