pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [HEADSUP] Removing vulnerable packages



On 04/08/11 12:20, Thomas Klausner wrote:
Here's an update to my list of last week:

On Fri, Apr 01, 2011 at 11:47:30AM +0200, Thomas Klausner wrote:
The packages listed below were marked as vulnerable on January 1, 2010
and still marked as vulnerable on April 1, 2011, while having no version
number updates (except for PKGREVISION bumps) in the meantime.[1]

Please speak up if you are currently using one of them.
If you speak up, please think about providing patches to fix the
security issues (though it's not a requirement).

I'll remove packages for which noone spoke up after the branch is cut,
but at the earliest two weeks from now.
This might also cause the removal of dependencies if the package
contains a library or is a dependency for another reason.
For these packages noone has spoken up:

RealPlayerGold-10.0.9.809.20070726
acroread-4.05
acroread5-5.10
acroread7-7.0.9
adobe-flash-plugin-10.0.0.525
amaya-10.0.1
asp2php-0.76.17
aview-1.3.0.1
bugzilla-2.22.7
bugzilla-3.2.4
camlimages-2.2.0
cyrus-imapd-2.1.18
firefox-bin-flash-9.0.124
fwbuilder-2.0.12
fwbuilder21-2.1.19
gpsdrive-1.31
instiki-0.9.2
jakarta-tomcat4-4.1.30
jakarta-tomcat5-5.0.30
libxml-1.8.17
mailscanner-4.30.3.2
mgv-3.1.5
newt-0.51.6
ntop-1.1
quake3arena-1.32b
quake3server-1.32b
roundup-1.4.6
sarg-2.1
squidGuard-1.4
synce-dccm-0.9.1
tkman-2.2
trickle-1.06
tunapie-2.1.6
vlc08-0.8.6i
zope210-2.10.7
zope211-2.11.2
zope29-2.9.10
zope3-3.3.1


Spoken for:
acroread8-8.1.7
automake14-1.4.6
bash-completion-1.0
compat14-1.4.3
compat15-1.5.3
crossfire-server-1.11.0
gdb-6.2.1
kdegraphics-3.5.10
kdelibs-3.5.10
lmbench-2.11a
mutt-1.4.2.3
netbsd32_compat15-1.5.3
pdfjam-1.20
prelude-manager-0.9.15
suse32_freetype2-10.0
suse32_gtk2-10.0
suse32_libcups-10.0
suse32_openssl-10.0
suse_freetype2-10.0
suse_gtk2-10.0
suse_libcups-10.0
suse_openssl-10.0
userppp-001107
wxGTK-2.6.3
wxGTK24-2.4.2
xdg-utils-1.0.2
xemacs-21.5.27
xemacs-nox11-21.5.27
xentools3-3.1.4

Fixed:
ap22-auth-mysql-4.3.1
blender-2.49b
kadu-0.5.0
mpop-1.0.12
putty-0.6.20090906
snort-2.8.3.1
xmp-2.5.1

Incorrectly on the list:
ap22-auth-mysql-1.11.12
freetype-1.5

  Thomas

AFAIK, adobe-flash-plugin-10.0.0.525 is the only flash plugin available which 
will work on NetBSD.  Removing it is going to force many of us who use NetBSD 
desktops to switch to Linux.  My understanding is that newer versions of flash 
require linux emulation to be brought up to date.

Roger



Home | Main Index | Thread Index | Old Index