pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

pkg/39922: IGNORE_URLS has no effect



>Number:         39922
>Category:       pkg
>Synopsis:       IGNORE_URLS has no effect
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Nov 14 15:20:00 +0000 2008
>Originator:     Michal Suchanek
>Release:        5BETA
>Organization:
CUNI
>Environment:
NetBSD  5.99.01 NetBSD 5.99.01 (miniMac) #0: Tue Nov 11 14:29:32 CET 2008  
root@:/home/hramrach/src/sys/arch/i386/compile/miniMac i386
>Description:
Package vim-share-7.2.40 has a remote-information-exposure vulnerability, see: 
http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html
ERROR: Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URLS in 
audit-packages.conf(5) if this package is absolutely essential.


Setting IGNORE_URLS affects audit_packages but does not allow installing the 
package.
>How-To-Repeat:
Try to install a vulnerable package.

Adding the vulnerability url into IGNORE_URLS in /etc/audit-packages.conf has 
no effect.
>Fix:



Home | Main Index | Thread Index | Old Index