Re: pkg/50082 (suse131 packages are outdated)

To: pkg-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,pkgsrc-bugs%netbsd.org@localhost,okuyama%flex.phys.tohoku.ac.jp@localhost
Subject: Re: pkg/50082 (suse131 packages are outdated)
From: Rin Okuyama <okuyama%flex.phys.tohoku.ac.jp@localhost>
Date: Wed, 29 Jul 2015 02:30:00 +0000 (UTC)

The following reply was made to PR pkg/50082; it has been noted by GNATS.

From: Rin Okuyama <okuyama%flex.phys.tohoku.ac.jp@localhost>
To: gnats-bugs%NetBSD.org@localhost, pkg-manager%netbsd.org@localhost, pkgsrc-bugs%netbsd.org@localhost,
 gnats-admin%netbsd.org@localhost, wiz%NetBSD.org@localhost
Cc: 
Subject: Re: pkg/50082 (suse131 packages are outdated)
Date: Wed, 29 Jul 2015 11:26:24 +0900

 > Committed, thank you.
 > Can you please send a patch for the pkg-vulnerabilities file?

 Thank you for your commit.

 As a precaution, I tried to confirm that a vulnerability recorded in
 pkg-vulnerabilities file, CVE-2014-4043, is actually resolved.

 The result is *very disappointing*. As I could not find their commit
 log for this vulnerability, I executed a test code obtained from

   https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-4043

 and found this vulnerability remains! I also checked it on openSUSE
 13.1 installed in a virtual machine. In conclusion, openSUSE community
 leaves the well-known vulnerability in their supported branch.

 Unfortunately, we can no longer trust packages provided by openSUSE.
 We may have two options, (1) check and fix every vulnerabilities for
 openSUSE, or (2) switch to a more reliable distribution. Both seem
 very hard though....

Prev by Date: Re: pkg/50082 (suse131 packages are outdated)
Next by Date: Re: pkg/50082 (suse131 packages are outdated)
Previous by Thread: Re: pkg/50082 (suse131 packages are outdated)
Next by Thread: Re: pkg/50082 (suse131 packages are outdated)
Indexes:

Home | Main Index | Thread Index | Old Index