Re: [HEADSUP] Removing vulnerable packages

To: OBATA Akio <obache%netbsd.org@localhost>
Subject: Re: [HEADSUP] Removing vulnerable packages
From: Thomas Klausner <wiz%NetBSD.org@localhost>
Date: Fri, 1 Apr 2011 14:02:32 +0200

On Fri, Apr 01, 2011 at 08:37:53PM +0900, OBATA Akio wrote:
> On Fri, 01 Apr 2011 18:47:30 +0900, Thomas Klausner 
> <wiz%netbsd.org@localhost> wrote:
> 
> >ap22-auth-mysql-1.11.12
> >ap22-auth-mysql-4.3.1
> 
> PKGNAME conflicts.
> CVE-2008-2384 is for www/ap-auth-mysql (ap22-auth-mysql-4.3.1).

Oh no. Can we rename one of them?

> >bash-completion-1.0
> 
> Just not confirmed fixed.
> I've confirmed vulnerabilities with old code-base version 
> (bash-completion-20060301),
> but switched to Debian's one.

Please check it, thanks.

> >putty-0.6.20090906
> 
> As I already noticed at import time, PKGVERSION of security/putty-devel 
> should be changed,
> something like 0.60{alpha,beta,pre}20090906, or it is very old version than 
> security/putty.
> http://mail-index.netbsd.org/pkgsrc-changes/2009/09/08/msg029512.html

Fixed as you suggested.

Thanks,
 Thomas

Follow-Ups:
- Re: [HEADSUP] Removing vulnerable packages
  - From: OBATA Akio

References:
- [HEADSUP] Removing vulnerable packages
  - From: Thomas Klausner
- Re: [HEADSUP] Removing vulnerable packages
  - From: OBATA Akio

Prev by Date: Re: [HEADSUP] Removing vulnerable packages
Next by Date: Re: [HEADSUP] Removing vulnerable packages
Previous by Thread: Re: [HEADSUP] Removing vulnerable packages
Next by Thread: Re: [HEADSUP] Removing vulnerable packages
Indexes:

Home | Main Index | Thread Index | Old Index