error in vulnerability list re: latest firefox

To: pkgsrc-users%netbsd.org@localhost
Subject: error in vulnerability list re: latest firefox
From: Anne Bennett <anne%porcupine.montreal.qc.ca@localhost>
Date: Sat, 28 Jul 2007 16:54:56 -0400 (EDT)


Hi, all.

I'm trying to install firefox (2.0.0.5) from pkgsrc-current, but "make
fetch" complains about CVE-2006-2894, which I'm fairly sure was
addressed several versions ago.  I think that the problem is that
the entry in the vulnerability list needs to be updated.  There are
four lines that refer to the problem:

  firefox{,2}{,-bin,-gtk1}-[0-9]*       remote-information-exposure     
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2894
  seamonkey{,-bin,-gtk1}-[0-9]* remote-information-exposure     
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2894
  mozilla{,-bin,-gtk2}-[0-9]*   remote-information-exposure     
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2894
  netscape7-[0-9]*      remote-information-exposure     
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2894


... but I'm pretty sure that firefox (formerly known as firefox2) and
seamonkey have had that fixed in the past few releases.

For now I'll work around with ALLOW_VULNERABLE_PACKAGES.

Anne Bennett.

Follow-Ups:
- Re: error in vulnerability list re: latest firefox
  - From: Geert Hendrickx

Prev by Date: Re: updating vulnerable package in pkgsrc (gimp24)
Next by Date: Re: error in vulnerability list re: latest firefox
Previous by Thread: Re: updating vulnerable package in pkgsrc (gimp24)
Next by Thread: Re: error in vulnerability list re: latest firefox
Indexes:

Home | Main Index | Thread Index | Old Index