pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: xdg-utils-1.0.2 (Re: [HEADSUP] Removing vulnerable packages



| From: Makoto Fujiwara <makoto%ki.nu@localhost>
| Date: Tue, 05 Apr 2011 09:12:20 +0900
| Message-ID: <yfm7hb95zff.wl%makoto%ki.nu@localhost>

wiz> xdg-utils-1.0.2 [will not remove, but patches welcome]

mef> I have the patch to 1.1.0-rc1 prepared.
mef> http://www.ki.nu/~makoto/pkgsrc/misc/xdg-utils-1.0.2
mef> (pkglint says Looks fine).

mef> (1) Shall I import it to wip for waiting rc1 removed, or
mef> (2) just send-pr or
mef> (3) extract the security patch and add to 1.0.2 ?

I have generated this patch.
    http://www.ki.nu/~makoto/pkgsrc/misc/xdg-utils-1.0.2nb1

I did not confirm patched version is vulnerable or not. 
I just picked up the diffs of following commit.

  2008-01-24 Kevin Krammer <kevin.krammer%gmx.at@localhost>
      * Fixing security issue in xdg-email and xdg-open at replacing
        parameter in $BROWSER

Thank you,
---
Makoto Fujiwara
mef%NetBSD.org@localhost



Home | Main Index | Thread Index | Old Index