Re: xdg-utils-1.0.2 (Re: [HEADSUP] Removing vulnerable packages

To: Makoto Fujiwara <makoto%ki.nu@localhost>, pkgsrc-users%NetBSD.org@localhost
Subject: Re: xdg-utils-1.0.2 (Re: [HEADSUP] Removing vulnerable packages
From: Thomas Klausner <wiz%NetBSD.org@localhost>
Date: Tue, 5 Apr 2011 11:18:56 +0200

On Tue, Apr 05, 2011 at 11:14:26AM +0200, Thomas Klausner wrote:
> On Tue, Apr 05, 2011 at 11:35:59AM +0900, Makoto Fujiwara wrote:
> > I have generated this patch.
> >     http://www.ki.nu/~makoto/pkgsrc/misc/xdg-utils-1.0.2nb1
> > 
> > I did not confirm patched version is vulnerable or not. 
> > I just picked up the diffs of following commit.
> > 
> >   2008-01-24 Kevin Krammer <kevin.krammer%gmx.at@localhost>
> >       * Fixing security issue in xdg-email and xdg-open at replacing
> >         parameter in $BROWSER
> 
> I've committed this, thank you!

When I looked at the vulnerabilities file again, I saw that it only
contained an entry for
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0068
while the patches fix
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0386

So more work to do here :(
 Thomas

Follow-Ups:
- Re: xdg-utils-1.0.2 (Re: [HEADSUP] Removing vulnerable packages
  - From: Thomas Klausner

References:
- [HEADSUP] Removing vulnerable packages
  - From: Thomas Klausner
- xdg-utils-1.0.2 (Re: [HEADSUP] Removing vulnerable packages
  - From: Makoto Fujiwara
- Re: xdg-utils-1.0.2 (Re: [HEADSUP] Removing vulnerable packages
  - From: Makoto Fujiwara
- Re: xdg-utils-1.0.2 (Re: [HEADSUP] Removing vulnerable packages
  - From: Thomas Klausner

Prev by Date: Re: xdg-utils-1.0.2 (Re: [HEADSUP] Removing vulnerable packages
Next by Date: Re: xdg-utils-1.0.2 (Re: [HEADSUP] Removing vulnerable packages
Previous by Thread: Re: xdg-utils-1.0.2 (Re: [HEADSUP] Removing vulnerable packages
Next by Thread: Re: xdg-utils-1.0.2 (Re: [HEADSUP] Removing vulnerable packages
Indexes:

Home | Main Index | Thread Index | Old Index