pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [HEADSUP] Removing vulnerable packages



On Fri, Apr 01, 2011 at 08:37:53PM +0900, OBATA Akio wrote:
> On Fri, 01 Apr 2011 18:47:30 +0900, Thomas Klausner 
> <wiz%netbsd.org@localhost> wrote:
> 
> >ap22-auth-mysql-1.11.12
> >ap22-auth-mysql-4.3.1
> 
> PKGNAME conflicts.
> CVE-2008-2384 is for www/ap-auth-mysql (ap22-auth-mysql-4.3.1).

Oh no. Can we rename one of them?

> >bash-completion-1.0
> 
> Just not confirmed fixed.
> I've confirmed vulnerabilities with old code-base version 
> (bash-completion-20060301),
> but switched to Debian's one.

Please check it, thanks.

> >putty-0.6.20090906
> 
> As I already noticed at import time, PKGVERSION of security/putty-devel 
> should be changed,
> something like 0.60{alpha,beta,pre}20090906, or it is very old version than 
> security/putty.
> http://mail-index.netbsd.org/pkgsrc-changes/2009/09/08/msg029512.html

Fixed as you suggested.

Thanks,
 Thomas


Home | Main Index | Thread Index | Old Index