tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[HEADSUP] Removing vulnerable packages



Hi!

The packages listed below were marked as vulnerable on January 1, 2010
and still marked as vulnerable on April 1, 2011, while having no version
number updates (except for PKGREVISION bumps) in the meantime.[1]

Please speak up if you are currently using one of them.
If you speak up, please think about providing patches to fix the
security issues (though it's not a requirement).

I'll remove packages for which noone spoke up after the branch is cut,
but at the earliest two weeks from now.
This might also cause the removal of dependencies if the package
contains a library or is a dependency for another reason.

RealPlayerGold-10.0.9.809.20070726
acroread-4.05
acroread5-5.10
acroread7-7.0.9
acroread8-8.1.7
adobe-flash-plugin-10.0.0.525
amaya-10.0.1
ap22-auth-mysql-1.11.12
ap22-auth-mysql-4.3.1
asp2php-0.76.17
automake14-1.4.6 [will not remove, still used by too much, patches welcome]
aview-1.3.0.1
bash-completion-1.0
blender-2.49b
bugzilla-2.22.7
bugzilla-3.2.4
camlimages-2.2.0
compat14-1.4.3
compat15-1.5.3
crossfire-server-1.11.0
cyrus-imapd-2.1.18
firefox-bin-flash-9.0.124
freetype-1.5
fwbuilder-2.0.12
fwbuilder21-2.1.19
gdb-6.2.1
gpsdrive-1.31
instiki-0.9.2
jakarta-tomcat4-4.1.30
jakarta-tomcat5-5.0.30
kadu-0.5.0
kdegraphics-3.5.10 [will not remove, but patches welcome]
kdelibs-3.5.10 [will not remove, but patches welcome]
libxml-1.8.17
lmbench-2.11a
mailscanner-4.30.3.2
mgv-3.1.5
mpop-1.0.12
mutt-1.4.2.3
netbsd32_compat15-1.5.3
newt-0.51.6
ntop-1.1
pdfjam-1.20
prelude-manager-0.9.15
putty-0.6.20090906
quake3arena-1.32b
quake3server-1.32b
roundup-1.4.6
sarg-2.1
snort-2.8.3.1
squidGuard-1.4
suse32_freetype2-10.0
suse32_gtk2-10.0
suse32_libcups-10.0
suse32_openssl-10.0
suse_freetype2-10.0
suse_gtk2-10.0
suse_libcups-10.0
suse_openssl-10.0
synce-dccm-0.9.1
tkman-2.2
trickle-1.06
tunapie-2.1.6
userppp-001107
vlc08-0.8.6i
wxGTK-2.6.3
wxGTK24-2.4.2
xdg-utils-1.0.2 [will not remove, but patches welcome]
xemacs-21.5.27
xemacs-nox11-21.5.27
xentools3-3.1.4
xmp-2.5.1
zope210-2.10.7
zope211-2.11.2
zope29-2.9.10
zope3-3.3.1


Thanks,
 Thomas

P.S. Please reply to pkgsrc-users only (reply-to set)

[1] In rare cases, they might currently be affected by a different
unfixed vulnerability than they were in 2010.



Home | Main Index | Thread Index | Old Index