Re: [HEADSUP] Removing vulnerable packages

To: pkgsrc-users%netbsd.org@localhost
Subject: Re: [HEADSUP] Removing vulnerable packages
From: "OBATA Akio" <obache%netbsd.org@localhost>
Date: Fri, 01 Apr 2011 22:33:04 +0900

On Fri, 01 Apr 2011 21:02:32 +0900, Thomas Klausner <wiz%netbsd.org@localhost> 
wrote:

On Fri, Apr 01, 2011 at 08:37:53PM +0900, OBATA Akio wrote:

On Fri, 01 Apr 2011 18:47:30 +0900, Thomas Klausner <wiz%netbsd.org@localhost> 
wrote:

>ap22-auth-mysql-1.11.12
>ap22-auth-mysql-4.3.1

PKGNAME conflicts.
CVE-2008-2384 is for www/ap-auth-mysql (ap22-auth-mysql-4.3.1).


Oh no. Can we rename one of them?


Hmm, After some digging...
www/ap-auth-mysql
  From debian/copyright, it seemes that it is debianised (and folk?) of 
following:
  http://mod-auth-mysql.sourceforge.net/
www/ap2-auth-mysql
  upstream dead.
  From CHANGES, it seems that following is successor (or folk) of it.
  http://modauthmysql.sourceforge.net/

>bash-completion-1.0

Just not confirmed fixed.
I've confirmed vulnerabilities with old code-base version 
(bash-completion-20060301),
but switched to Debian's one.


Please check it, thanks.


Debian's
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=259987
RedHat's
  https://bugzilla.redhat.com/show_bug.cgi?id=492589

I'm not a bash user.
I could reproduced some of them, but I cannot check all of them.

--
OBATA Akio / obache%NetBSD.org@localhost

Follow-Ups:
- Re: [HEADSUP] Removing vulnerable packages
  - From: Thomas Klausner

References:
- [HEADSUP] Removing vulnerable packages
  - From: Thomas Klausner
- Re: [HEADSUP] Removing vulnerable packages
  - From: OBATA Akio
- Re: [HEADSUP] Removing vulnerable packages
  - From: Thomas Klausner

Prev by Date: Re: [HEADSUP] Removing vulnerable packages
Next by Date: Re: [HEADSUP] Removing vulnerable packages
Previous by Thread: Re: [HEADSUP] Removing vulnerable packages
Next by Thread: Re: [HEADSUP] Removing vulnerable packages
Indexes:

Home | Main Index | Thread Index | Old Index