pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: pkg/41305: pkg_admin fetch-pkg-vulnerabilities did not work



The following reply was made to PR pkg/41305; it has been noted by GNATS.

From: David Holland <dholland-pbugs%netbsd.org@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: pkg/41305: pkg_admin fetch-pkg-vulnerabilities did not work
Date: Sun, 17 May 2009 22:43:00 +0000

 gnats dropped this, because "Re[2]:" is not valid.
 
    ------
 
 From: nb_rm%rmroppert.info@localhost
 To: pkgsrc-bugs%netbsd.org@localhost
 CC: pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, 
gnats-bugs%netbsd.org@localhost
 Subject: Re[2]: pkg/41305: pkg_admin fetch-pkg-vulnerabilities did not work
 Date: Wed, 29 Apr 2009 22:38:53 +0200
 
 
 Hello Jeremy
 
 > The following reply was made to PR pkg/41305; it has been noted by GNATS.
 
 > From: "Jeremy C. Reed" <reed%reedmedia.net@localhost>
 > To: gnats-bugs%NetBSD.org@localhost
 > Cc: pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, 
 > pkgsrc-bugs%netbsd.org@localhost
 > Subject: Re: pkg/41305: pkg_admin fetch-pkg-vulnerabilities did not work
 > Date: Wed, 29 Apr 2009 12:11:03 -0500 (CDT)
 
  >> If i use
  >> pkg_admin fetch-pkg-vulnerabilities
  >> 
  >> i got 
  >> usage: pkg_admin [-bqSV] [-d lsdir] [-K pkg_dbdir] [-s sfx] command args 
...
  >> Where 'commands' and 'args' are:
  >> ......an so on
 >  
 >  I assume you are using pkg_admin from NetBSD 4.0.1.
 >  
 >  if you want newer pkg_admin use pkgsrc/pkgtools/pkg_install  and change
 >  your executable PATH or use full path to new pkg_admin.
 >  
 >  (But man would still show old version....)
 >  
 >  Or use old audit-packages and download-vulnerability-list -- but the 
 >  package was removed. (I don't know why the package was removed when NetBSD
 >  releases don't have it.)
 
 I installed from pkgsrc/pkgtools/pkg_install.
 But, you are right.
 
 If i use /usr/pkg/sbin/php_admin -V
 i got now
 20090406
 (See also my answer to Joergs post)
 
 If i use
 /usr/pkg/sbin/php_admin fetch-pkg-vulnerabilities
 there is no output
 
 and
 
 /usr/pkg/sbin/php_admin audit
 
 gives
 
 Package mutt-1.4.2.3nb2 has a signature-spoofing vulnerability, see 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1268
 Package ap22-perl-2.0.4nb2 has a cross-site-scripting vulnerability, see 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0796
 Package ghostscript-8.64nb2 has a arbitrary-code-execution vulnerability, see 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792
 
 So it seems,  it is working correct this way.
 Thank you for assistance
 
 Best regards
 Reinhold
 
 -- 
 Reinhold
 


Home | Main Index | Thread Index | Old Index