Re: New courier packages

[Brian Candler <B.Candler%pobox.com@localhost>]

On Mon, Jun 14, 2010 at 10:55:28PM +0200, Fredrik Pettai wrote:
> > The following packages had successfully built by then:
> > 
> > $ ls ~/pkg/var/db/pkg
> > bmake-20100423                  digest-20080510         pcre-8.02
> > bootstrap-mk-files-20090807nb2  f2c-20090411nb4         perl-5.10.1nb1
> > courier-authlib-0.63.0          libltdl-2.2.6b          pkgdb.byfile.db
> > courier-maildir-0.65.0          libtool-base-2.2.6bnb4  pkg_install-20100421
> > couriertcpd-0.65.0              maildrop-2.5.0          pkg-vulnerabilities
> > db4-4.8.30                      pax-20080110            tnftp-20070806
> 
> Would it be possible for you to verify the others compile/install (not via
> the courier meta pkg), referring to courier-analog, courier-imap,
> sqwebmail?

All three make and install fine.

However I note that sqwebmail is still marked as VULNERABLE:

===> Checking for vulnerabilities in sqwebmail-5.4.1
Package sqwebmail-5.4.1 has a cross-site-scripting vulnerability, see 
http://secunia.com/advisories/15119/
ERROR: Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URL in 
pkg_install.conf(5) if this package is absolutely essential.

However the author is unaware of any problem, and the secunia and bid
advisories are content-free.

Regards,

Brian.