pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

pkg/47518: security/libssh MUST be replaced by the real wip/libssh

>Number:         47518
>Category:       pkg
>Synopsis:       security/libssh MUST be replaced by the real wip/libssh
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu Jan 31 15:20:00 +0000 2013
>Originator:     Noud de Brouwer
>Release:        does imply all releases that can build security/libssh
NetBSD 6.99.16 NetBSD 6.99.16 (MONOLITHIC.UGEN) #7: Wed Jan 16 
02:06:10 UTC 2013  
mickey55@ i386
security/libssh in an imposter and wip/libssh is the real thing.

DISTNAME=       libssh-0.11
CATEGORIES=     security

DISTNAME=               libssh-0.5.3
CATEGORIES=             security

now what are the implications!!, we do _not_ know in the current situation if 
we are exploitable through:
CVE-2012-4559, CVE-2012-4560, CVE-2012-4561 and CVE-2012-4562.

furthermore: this _total_ unknown security/libssh is used in
wip/gtk-grdc that can be removed given we now have net/remmina.

furthermore: we now have security/hydra,
if we want to keep this it should be in malware/hydra.

i high advise to retrieve ASau his account, even want his
sponsor to be monitored now (given i do not constant want to
check for booby-traps, backdoors and the like given time.)
yeah (use your eyes and knowledge).
remove existing security/libssh and pull-up wip/libssh,
preferably immediate.

Home | Main Index | Thread Index | Old Index