Re: [HEADSUP] Removing vulnerable packages

To: pkgsrc-users%NetBSD.org@localhost
Subject: Re: [HEADSUP] Removing vulnerable packages
From: Hauke Fath <hf%spg.tu-darmstadt.de@localhost>
Date: Fri, 1 Apr 2011 14:14:40 +0200

At 11:47 Uhr +0200 01.04.2011, Thomas Klausner wrote:
>The packages listed below were marked as vulnerable on January 1, 2010
>and still marked as vulnerable on April 1, 2011, while having no version
>number updates (except for PKGREVISION bumps) in the meantime.[1]
>
>Please speak up if you are currently using one of them.
>If you speak up, please think about providing patches to fix the
>security issues (though it's not a requirement).

[...]

>compat14-1.4.3
>compat15-1.5.3

These would naturally have security issues, but when you need them, you
need them.

>netbsd32_compat15-1.5.3

Same here.

>xemacs-21.5.27
>xemacs-nox11-21.5.27

I use those.

I tried to update the package to the "current" 21.5.29, but didn't get it
to build, and ran out of time. The XEmacs project is currently
transitioning to gpl3 in preparation for a new release.

        hauke

-- 
     The ASCII Ribbon Campaign                    Hauke Fath
()     No HTML/RTF in email            Institut für Nachrichtentechnik
/\     No Word docs in email                     TU Darmstadt
     Respect for open standards              Ruf +49-6151-16-3281

References:
- [HEADSUP] Removing vulnerable packages
  - From: Thomas Klausner

Prev by Date: Re: [HEADSUP] Removing vulnerable packages
Next by Date: Re: [HEADSUP] Removing vulnerable packages
Previous by Thread: Re: [HEADSUP] Removing vulnerable packages
Next by Thread: Re: [HEADSUP] Removing vulnerable packages
Indexes:

Home | Main Index | Thread Index | Old Index