[/x11/qt4-libs] can't install because it's has Security vulnerability

To: pkgsrc-users%NetBSD.org@localhost
Subject: [/x11/qt4-libs] can't install because it's has Security vulnerability
From: iii <gognulinux%gmail.com@localhost>
Date: Fri, 26 Oct 2012 13:48:16 +0300

hi @pkgsrc-users

why the package x11/qt4-libs , has open security issue , why isn't
fixed ??? 

i need this package to build & install net/Transmission-gui .

if the this issue will not be fixed , can i install Transmission-gui
without QT ? 
---
......
......
==========================================================================
=> Build dependency libtool-base>=2.2.6bnb3: found
libtool-base-2.2.6bnb8
=> Build dependency nbpatch-[0-9]*: found nbpatch-20100124
=> Build dependency kbproto>=1.0.2: found kbproto-1.0.6
=> Build dependency xproto>=7.0.9: found xproto-7.0.23nb1
=> Build dependency xcb-proto>=1.4: found xcb-proto-1.7.1nb1
=> Build dependency xextproto>=7.0: found xextproto-7.2.1
=> Build dependency inputproto>=1.4: found inputproto-2.2
=> Build dependency xineramaproto>=1.1.1: found xineramaproto-1.2.1
=> Build dependency fixesproto>=3.0.0: found fixesproto-5.0
=> Build dependency renderproto>=0.9.3nb1: found renderproto-0.11.1
=> Build dependency randrproto>=1.2.0: found randrproto-1.4.0
=> Full dependency libtool-base-[0-9]*: found libtool-base-2.2.6bnb8
=> Full dependency libXinerama>=1.0.1: found libXinerama-1.1.2
=> Full dependency qt4-libs>=4.8.3nb1: NOT found
=> Verifying package-install for ../../x11/qt4-libs
=> Bootstrap dependency digest>=20010302: found digest-20111104
=> Bootstrap dependency tnftp-[0-9]*: found tnftp-20070806
===> Checking for vulnerabilities in qt4-libs-4.8.3nb1
Package qt4-libs-4.8.3nb1 has a arbitrary-code-execution vulnerability,
see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046
Package qt4-libs-4.8.3nb1 has a arbitrary-code-execution vulnerability,
see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049
Package qt4-libs-4.8.3nb1 has a arbitrary-code-execution vulnerability,
see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050
Package qt4-libs-4.8.3nb1 has a sensitive-information-exposure
vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051
Package qt4-libs-4.8.3nb1 has a arbitrary-code-execution vulnerability,
see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052
Package qt4-libs-4.8.3nb1 has a arbitrary-code-execution vulnerability,
see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054
Package qt4-libs-4.8.3nb1 has a denial-of-service vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2621
Package qt4-libs-4.8.3nb1 has a denial-of-service vulnerability, see
http://secunia.com/advisories/40588/
Package qt4-libs-4.8.3nb1 has a remote-system-access vulnerability, see
http://secunia.com/advisories/46140/
ERROR: Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URL in
pkg_install.conf(5) if this package is absolutely essential.
*** Error code 1

Stop.
bmake: stopped in /usr/local/pkgsrc/x11/qt4-libs
*** Error code 1

Stop.
bmake: stopped in /usr/local/pkgsrc/x11/qt4-tools
*** Error code 1

Stop.
bmake: stopped in /usr/local/pkgsrc/net/Transmission-gui

---
Fruther info 

$ uname -a
Linux uLTS 2.6.32-44-generic #98-Ubuntu SMP Mon Sep 24 17:27:10 UTC 2012
x86_64 GNU/Linux

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 10.04.4 LTS
Release:        10.04
Codename:       lucid

$ cat ../../CVS/Tag 
Tpkgsrc-2012Q3

K.S.L , from Saudi Arabia

Follow-Ups:
- Re: [/x11/qt4-libs] can't install because it's has Security vulnerability
  - From: Jonathan Perkin

Prev by Date: BU‌Y‌ VlAG‌RA
Next by Date: Re: [/x11/qt4-libs] can't install because it's has Security vulnerability
Previous by Thread: BU‌Y‌ VlAG‌RA
Next by Thread: Re: [/x11/qt4-libs] can't install because it's has Security vulnerability
Indexes:

Home | Main Index | Thread Index | Old Index