pkgsrc-Users archive


Re: [HEADSUP] Removing vulnerable packages



On Fri, 01 Apr 2011 22:55:19 +0900, Thomas Klausner <wiz%netbsd.org@localhost> wrote:

On Fri, Apr 01, 2011 at 10:33:04PM +0900, OBATA Akio wrote:
On Fri, 01 Apr 2011 21:02:32 +0900, Thomas Klausner <wiz%netbsd.org@localhost> wrote:
>Oh no. Can we rename one of them?

Hmm, after some digging...
www/ap-auth-mysql
  From debian/copyright, it seems that it is a debianised version (and fork?) of the following:
  http://mod-auth-mysql.sourceforge.net/
www/ap2-auth-mysql
  upstream dead.
  From CHANGES, it seems that the following is the successor (or fork) of it.
  http://modauthmysql.sourceforge.net/

So the dead version has the security issue?
Then we can remove it and fix the pattern so it doesn't match the less
dead one :)

Unfortunately, the vulnerable one is www/ap-auth-mysql.

Debian's
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=259987
RedHat's
  https://bugzilla.redhat.com/show_bug.cgi?id=492589

I'm not a bash user.
I could reproduce some of them, but I cannot check all of them.

Debian closed their bug report in 2009, so if we update to the latest
1.3, we should be fine too. (I'm not gonna do the update.)

Thanks.

--
OBATA Akio / obache%NetBSD.org@localhost

