pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

pkg-vulnerabilities, vulnerable packages, Opera 9.23, README.htmls



To sum it up in a single mail:

* Opera 9.23 is out for quite a while and fixes one security issue with JavaScript and a few stability issues, so I guess the package ought to be updated and the updates pulled up to -2007Q2, which doesn't seem to have 9.22 yet, even (which already fixed security issues); * pkg-vulnerabilities doesn't list at least the security issue fixed by the release of Opera 9.23; * What I'm wondering about: Firefox 2.0.0.6 has this long-standing remote-information-exposure issue which prevents it from being built without ALLOW_VULNERABLE=yes; yet, there's a binary package available from a directory different from packages/vulnerable, and the corresponding README.html doesn't mention any vulnerabilities at all. I reckon this is to not confuse new users with such a popular package being not instantly available, but I haven't found anything about a change of policy regarding that matter; ISTR that earlier, Firefox was being treated differently? * The links to dependencies in the README.htmls on the pkgsrc ftp-server are long since broken. There's one "../" missing, for instance in x11/9term/README.html, there's a link to ftp://ftp.netbsd.org/pub/pkgsrc/current/pkgsrc/x11/editors/sam/README.html. Note "x11/editors".

TIA for anything.

--
Dennis den Brok



Home | Main Index | Thread Index | Old Index