pkgsrc-Users archive


Re: xdg-utils-1.0.2 (Re: [HEADSUP] Removing vulnerable packages



On Tue, Apr 05, 2011 at 11:14:26AM +0200, Thomas Klausner wrote:
> On Tue, Apr 05, 2011 at 11:35:59AM +0900, Makoto Fujiwara wrote:
> > I have generated this patch.
> >     http://www.ki.nu/~makoto/pkgsrc/misc/xdg-utils-1.0.2nb1
> > 
> > I did not confirm whether the patched version is vulnerable or not.
> > I just picked up the diffs of the following commit.
> > 
> >   2008-01-24 Kevin Krammer <kevin.krammer%gmx.at@localhost>
> >       * Fixing security issue in xdg-email and xdg-open at replacing
> >         parameter in $BROWSER
> 
> I've committed this, thank you!

When I looked at the vulnerabilities file again, I saw that it only
contained an entry for
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0068
while the patches fix
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0386

So more work to do here :(
 Thomas

