pkg/33971: One addition/one revision needed to the pkg-vulnerabilities file

To: pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, pkgsrc-bugs%netbsd.org@localhost
Subject: pkg/33971: One addition/one revision needed to the pkg-vulnerabilities file
From: dhgutteridge%sympatico.ca@localhost
Date: Tue, 11 Jul 2006 01:55:00 +0000 (UTC)

>Number:         33971
>Category:       pkg
>Synopsis:       One addition/one revision needed to the pkg-vulnerabilities 
>file
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Tue Jul 11 01:55:00 +0000 2006
>Originator:     David H. Gutteridge
>Release:        Mostly 3.0 these days
>Organization:
>Environment:
>Description:
Hello,

Two items for the pkg-vulnerabilities file:

(1) The vulnerability reported against dia:

dia-0.[0-9]*            arbitrary-code-execution        
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2480

has been fixed in version 0.95-1, which has the following notation in its 
ChangeLog file:

       * plug-ins/wmf/wmf.cpp: Patch from Hans de Goede: Fix bug #342111,
        security vulnerabilities from string format errors.

(2) There's no reference to 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2197

which affects wv2 before version 0.2.3.  (pkgsrc-current and 2006-Q2 have 
already been updated to reflect this latest version.)

Regards,

Dave

>How-To-Repeat:

>Fix:

Prev by Date: pkg/33970: winecfg (part of wine pkg) core dumps
Next by Date: Re: pkg/33486: Update textproc/hyperestraier 1.2.5 to 1.3.2
Previous by Thread: pkg/33970: winecfg (part of wine pkg) core dumps
Next by Thread: Re: pkg/33486: Update textproc/hyperestraier 1.2.5 to 1.3.2
Indexes:

Home | Main Index | Thread Index | Old Index