Re: pkg/44936: devel/automake14 has an unreported vulerability

To: pkg-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,pkgsrc-bugs%netbsd.org@localhost,jwbiagio%gmail.com@localhost
Subject: Re: pkg/44936: devel/automake14 has an unreported vulerability
From: David Holland <dholland-pbugs%netbsd.org@localhost>
Date: Sat, 7 May 2011 00:35:02 +0000 (UTC)

The following reply was made to PR pkg/44936; it has been noted by GNATS.

From: David Holland <dholland-pbugs%netbsd.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: pkg/44936: devel/automake14 has an unreported vulerability
Date: Sat, 7 May 2011 00:32:44 +0000

 On Thu, May 05, 2011 at 05:30:01PM +0000, jwbiagio%gmail.com@localhost wrote:
  > Building automake14 (required by libwww) fails when security
  > auditing is installed. CVE-2009-4029.

 That sounds like a *reported* vulnerability.

 Anyhow, it's not going to get fixed; if you find it unacceptable to
 build and install the package with this vulnerability, the way forward
 is to fix the small number of packages that still require automake14
 so automake14 can be removed.

 I see only two such packages - audio/tremor-tools and www/libwww.

 (and note that libwww itself has an outstanding vulnerability)

 -- 
 David A. Holland
 dholland%netbsd.org@localhost

Prev by Date: Re: pkg/36220 (new package for importing to pkgsrc: xmms-cdread)
Next by Date: Re: pkg/44936: devel/automake14 has an unreported vulerability
Previous by Thread: pkg/44936: devel/automake14 has an unreported vulerability
Next by Thread: Re: pkg/44936: devel/automake14 has an unreported vulerability
Indexes:

Home | Main Index | Thread Index | Old Index