pkgsrc-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Removing teTeX2 packages (was: Re: Removing teTeX1 package (and dependencies))
On Sat, Jan 28, 2006 at 02:52:26PM +0100, Thomas Klausner wrote on tech-pkg:
> Currently, only the teTeX3 packages are patched for the latest
> vulnerabilities. For the 1 and 2 versions, the following
> vulnerabilities are not fixed:
> teTeX-bin-1.[0-9]* 1731,denial-of-service
> http://secunia.com/advisories/17916/
> teTeX-bin-2.[0-9]* 1732,denial-of-service
> http://secunia.com/advisories/17916/
> teTeX-bin-1.[0-9]* 1734,arbitrary-code-execution
> http://secunia.com/advisories/17916/
> teTeX-bin-2.[0-9]* 1735,arbitrary-code-execution
> http://secunia.com/advisories/17916/
> teTeX-bin-1.[0-9]* 1737,denial-of-service
> http://secunia.com/advisories/18329/
> teTeX-bin-2.[0-9]* 1738,denial-of-service
> http://secunia.com/advisories/18329/
> teTeX-bin-1.[0-9]* 1740,arbitrary-code-execution
> http://secunia.com/advisories/18329/
> teTeX-bin-2.[0-9]* 1741,arbitrary-code-execution
> http://secunia.com/advisories/18329/
>
> Is there a point in keeping the old teTeX versions?
>
> Is someone interested in maintaining them actively?
...
> I'm not yet sure what to do about the teTeX2 packages.
> teTeX2 dependencies are:
> print/ja-jsclasses
> print/ja-ptex
> print/ja-ptex-bin
> print/ja-ptex-share
> print/ja-vfxdvik
> print/tex-textpos
I just removed the teTeX1 packages.
The problems in teTeX2 haven't been fixed in the last three months, it
seems noone really wants to maintain them either. Any opposition to
removing them too?
Thomas
Home |
Main Index |
Thread Index |
Old Index