pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [HEADSUP] Removing vulnerable packages



On Fri, 01 Apr 2011 18:47:30 +0900, Thomas Klausner <wiz%netbsd.org@localhost> 
wrote:

acroread-4.05
acroread5-5.10
acroread7-7.0.9
acroread8-8.1.7

bugzilla-2.22.7

jakarta-tomcat4-4.1.30
jakarta-tomcat5-5.0.30

EOL packages.

kadu-0.5.0

It is not vulnerable.
Updated pkg-vulnerabilities.

newt-0.51.6

update to newt>=0.52.11, and will be resolved.

roundup-1.4.6

For http://issues.roundup-tracker.org/issue2550521 (roundup-[0-9]*),
it's CVE-2009-2737, maybe fixed by following commit, and resolved in >=1.4.7.
 http://svn.roundup-tracker.org/viewvc/roundup?view=revision&revision=4180

xdg-utils-1.0.2 [will not remove, but patches welcome]

unclear solution...

--
OBATA Akio / obache%NetBSD.org@localhost


Home | Main Index | Thread Index | Old Index