pkgsrc-Bugs archive
pkg/37426: Vulnerable packages not automatically moved to vulnerable/ on FTP?
>Number: 37426
>Category: pkg
>Synopsis: Vulnerable packages not automatically moved to vulnerable/ on FTP?
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: pkg-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Sat Nov 24 10:50:00 +0000 2007
>Originator: Matthew Mondor
>Release: n/a
>Organization:
>Environment:
n/a
>Description:
ftp://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD-4.0/i386/All/cups-1.2.12.tgz
was not moved to the vulnerable/ section, yet pkg-audit caught:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351
Is there a cron event in place to automatically move such packages out of the
main tree?
It also might be nice in the future for pkg_add to support checking for
vulnerable packages like pkgsrc does, but this could be the subject of another
PR or project.
>How-To-Repeat:
>Fix:
A script run via a cron event might be a good solution.
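
One way the cron-driven script suggested in the Fix field could look, as an added example that is not part of the original problem report and not NetBSD's own tooling. It assumes pkg_admin(1) from pkg_install is in PATH and that the vulnerability list holds "pattern type url" lines; the function name and the three path arguments are hypothetical.

```shell
#!/bin/sh
# Added example: move binary packages that match an entry in the
# vulnerability list out of All/ and into vulnerable/.
# Assumptions: pkg_admin(1) is installed; the list has three
# whitespace-separated fields per entry (pattern, type, URL).

# quarantine_vulnerable VULN_FILE ALL_DIR VULN_DIR
# Prints "pkgname type url" for every package it moves.
quarantine_vulnerable() {
    vulnfile=$1
    alldir=$2
    vulndir=$3

    [ -r "$vulnfile" ] || { echo "cannot read $vulnfile" >&2; return 2; }
    mkdir -p "$vulndir" || return 2

    for path in "$alldir"/*.tgz; do
        [ -f "$path" ] || continue          # empty directory: glob stays literal
        pkg=$(basename "$path" .tgz)        # e.g. cups-1.2.12

        while read -r pattern kind url; do
            # Skip comments, blank lines and anything that is not a
            # complete three-field entry.
            case $pattern in ''|'#'*|-*) continue ;; esac
            [ -n "$url" ] || continue

            # pkg_admin pmatch exits 0 when the package name matches the
            # pattern, using the same version rules as the package tools.
            if pkg_admin pmatch "$pattern" "$pkg" </dev/null; then
                mv "$path" "$vulndir/" && echo "$pkg $kind $url"
                break                       # one match is enough to quarantine
            fi
        done < "$vulnfile"
    done
    return 0
}

# Run only when called with the three paths, e.g. from a cron job.
if [ "$#" -eq 3 ]; then
    quarantine_vulnerable "$1" "$2" "$3"
fi
```

The printed lines give the cron job's mail a record of what was moved and why.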