pkg-vulnerabilities, vulnerable packages, Opera 9.23, README.htmls

To: pkgsrc-users%netbsd.org@localhost
Subject: pkg-vulnerabilities, vulnerable packages, Opera 9.23, README.htmls
From: "Dennis den Brok" <d.den.brok%uni-bonn.de@localhost>
Date: Tue, 21 Aug 2007 16:01:21 +0200

To sum it up in a single mail:

* Opera 9.23 is out for quite a while and fixes one security issue withJavaScript and a few stability issues, so I guess the package ought to beupdated and the updates pulled up to -2007Q2, which doesn't seem to have9.22 yet, even (which already fixed security issues);* pkg-vulnerabilities doesn't list at least the security issue fixed bythe release of Opera 9.23;* What I'm wondering about: Firefox 2.0.0.6 has this long-standingremote-information-exposure issue which prevents it from being builtwithout ALLOW_VULNERABLE=yes; yet, there's a binary package available froma directory different from packages/vulnerable, and the correspondingREADME.html doesn't mention any vulnerabilities at all. I reckon this isto not confuse new users with such a popular package being not instantlyavailable, but I haven't found anything about a change of policy regardingthat matter; ISTR that earlier, Firefox was being treated differently?* The links to dependencies in the README.htmls on the pkgsrc ftp-serverare long since broken. There's one "../" missing, for instance inx11/9term/README.html, there's a link toftp://ftp.netbsd.org/pub/pkgsrc/current/pkgsrc/x11/editors/sam/README.html.Note "x11/editors".


TIA for anything.

--
Dennis den Brok

Follow-Ups:
- Re: pkg-vulnerabilities, vulnerable packages, Opera 9.23, README.htmls
  - From: Adrian Portelli

Prev by Date: Re: xorg regression?
Next by Date: Re: xorg regression?
Previous by Thread: Broken package: chat/pidgin-silc
Next by Thread: Re: pkg-vulnerabilities, vulnerable packages, Opera 9.23, README.htmls
Indexes:

Home | Main Index | Thread Index | Old Index