pkgsrc-Users archive


Uselessness of audit-packages vs stable pkgsrc branch



Audit-packages is currently reporting a lot of vulnerabilities:

Package ffmpeg-0.4.9pre1nb3 has a arbitrary-code-execution vulnerability, see 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4800
Package vlc-0.8.5nb6 has a arbitrary-code-execution vulnerability, see 
http://www.videolan.org/sa0701.html
Package openldap-server-2.3.38 has a denial-of-service vulnerability, see 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5707
Package flac-1.1.3nb1 has a arbitrary-code-execution vulnerability, see 
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608
Package wireshark-0.99.6 has a denial-of-service vulnerability, see 
http://www.wireshark.org/security/wnpa-sec-2007-03.html
Package php-5.2.4nb3 has a denial-of-service vulnerability, see 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4887
Package firefox-2.0.0.8 has a cross-site-scripting vulnerability, see 
http://www.mozilla.org/security/announce/2007/mfsa2007-37.html
Package firefox-2.0.0.8 has a memory-corruption vulnerability, see 
http://www.mozilla.org/security/announce/2007/mfsa2007-38.html
Package firefox-2.0.0.8 has a cross-site-request-forgery vulnerability, see 
http://www.mozilla.org/security/announce/2007/mfsa2007-39.html
Package cairo-1.4.10 has a arbitrary-code-execution vulnerability, see 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5503

but what is the point of this when there are NO updates for ANY of these
in the stable pkgsrc-2007Q3 branch?

-Olaf.
-- 
___ Olaf 'Rhialto' Seibert      -- You author it, and I'll reader it.
\X/ rhialto/at/xs4all.nl        -- Cetero censeo "authored" delendum esse.


