Re: [HEADSUP] Removing vulnerable packages

To: pkgsrc-users%netbsd.org@localhost
Subject: Re: [HEADSUP] Removing vulnerable packages
From: "OBATA Akio" <obache%netbsd.org@localhost>
Date: Sat, 02 Apr 2011 19:02:55 +0900

On Fri, 01 Apr 2011 18:47:30 +0900, Thomas Klausner <wiz%netbsd.org@localhost> 
wrote:

acroread-4.05
acroread5-5.10
acroread7-7.0.9
acroread8-8.1.7

bugzilla-2.22.7

jakarta-tomcat4-4.1.30
jakarta-tomcat5-5.0.30


EOL packages.

kadu-0.5.0


It is not vulnerable.
Updated pkg-vulnerabilities.

newt-0.51.6


update to newt>=0.52.11, and will be resolved.

roundup-1.4.6


For http://issues.roundup-tracker.org/issue2550521 (roundup-[0-9]*),
it's CVE-2009-2737, maybe fixed by following commit, and resolved in >=1.4.7.
 http://svn.roundup-tracker.org/viewvc/roundup?view=revision&revision=4180

xdg-utils-1.0.2 [will not remove, but patches welcome]


unclear solution...

--
OBATA Akio / obache%NetBSD.org@localhost

References:
- [HEADSUP] Removing vulnerable packages
  - From: Thomas Klausner

Prev by Date: Re: [HEADSUP] Removing vulnerable packages
Next by Date: Re: [HEADSUP] Removing vulnerable packages
Previous by Thread: Re: [HEADSUP] Removing vulnerable packages
Next by Thread: Re: [HEADSUP] Removing vulnerable packages
Indexes:

Home | Main Index | Thread Index | Old Index