Re: package with security hole not flagged at build time

To: Geert Hendrickx <ghen%telenet.be@localhost>
Subject: Re: package with security hole not flagged at build time
From: "Steven M. Bellovin" <smb%cs.columbia.edu@localhost>
Date: Tue, 9 Jan 2007 12:42:05 -0500

On Tue, 9 Jan 2007 18:35:43 +0100
Geert Hendrickx <ghen%telenet.be@localhost> wrote:

> On Tue, Jan 09, 2007 at 10:38:34AM -0500, Steven M. Bellovin wrote:
> > According to audit-packages, fetchmail-6.2.5.5nb1 has a security
> > hole. When I go to its directory and do a 'make', it builds it
> > without noticing the problem.  My pkgsrc is up-to-date (HEAD), as
> > is my audit-packages and the vulnerabilities file it uses.  (This
> > is on -current from about two weeks ago.)
> 
> Do you have ALLOW_VULNERABLE_PACKAGES set in your environment or in
> mk.conf?
> 

No:

# set|grep ALLOW_VULNERABLE_PACKAGES
# grep ALLOW_VULNERABLE_PACKAGES /etc/mk.conf

Btw, the same seems to be happening for print/acroread7.


                --Steve Bellovin, http://www.cs.columbia.edu/~smb

Follow-Ups:
- Re: package with security hole not flagged at build time
  - From: Adrian Portelli

References:
- package with security hole not flagged at build time
  - From: Steven M. Bellovin
- Re: package with security hole not flagged at build time
  - From: Geert Hendrickx

Prev by Date: Re: package with security hole not flagged at build time
Next by Date: mail/nmh fails to build on Darwin
Previous by Thread: Re: package with security hole not flagged at build time
Next by Thread: Re: package with security hole not flagged at build time
Indexes:

Home | Main Index | Thread Index | Old Index