pkgsrc-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
pkg/39922: IGNORE_URLS has no effect
>Number: 39922
>Category: pkg
>Synopsis: IGNORE_URLS has no effect
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Nov 14 15:20:00 +0000 2008
>Originator: Michal Suchanek
>Release: 5BETA
>Organization:
CUNI
>Environment:
NetBSD 5.99.01 NetBSD 5.99.01 (miniMac) #0: Tue Nov 11 14:29:32 CET 2008
root@:/home/hramrach/src/sys/arch/i386/compile/miniMac i386
>Description:
Package vim-share-7.2.40 has a remote-information-exposure vulnerability, see:
http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html
ERROR: Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URLS in
audit-packages.conf(5) if this package is absolutely essential.
Setting IGNORE_URLS affects audit_packages but does not allow installing the
package.
>How-To-Repeat:
Try to install a vulnerable package.
Adding the vulnerability url into IGNORE_URLS in /etc/audit-packages.conf has
no effect.
>Fix:
Home |
Main Index |
Thread Index |
Old Index