Re: pkg/43024 (proftpd needs to be updated to 1.3.3 to fix the security issues)

To: kim%NetBSD.org@localhost, gnats-admin%netbsd.org@localhost, pkgsrc-bugs%netbsd.org@localhost, mvergall%telenet.be@localhost
Subject: Re: pkg/43024 (proftpd needs to be updated to 1.3.3 to fix the security issues)
From: "Michael C. Vergallen" <mvergall%telenet.be@localhost>
Date: Mon, 22 Mar 2010 01:20:04 +0000 (UTC)

The following reply was made to PR pkg/43024; it has been noted by GNATS.

From: "Michael C. Vergallen" <mvergall%telenet.be@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: pkg/43024 (proftpd needs to be updated to 1.3.3 to fix the security
 issues)
Date: Mon, 22 Mar 2010 02:15:16 +0100

 Michael C. Vergallen wrote:
 > The following reply was made to PR pkg/43024; it has been noted by GNATS.
 >
 > From: "Michael C. Vergallen" <mvergall%telenet.be@localhost>
 > To: gnats-bugs%netbsd.org@localhost
 > Cc: 
 > Subject: Re: pkg/43024 (proftpd needs to be updated to 1.3.3 to fix the 
 > security
 >  issues)
 > Date: Mon, 22 Mar 2010 01:49:27 +0100
 >
 >  kim%netbsd.org@localhost wrote:
 >  > Synopsis: proftpd needs to be updated to 1.3.3 to fix the security issues
 >  >
 >  > State-Changed-From-To: open->closed
 >  > State-Changed-By: kim%NetBSD.org@localhost
 >  > State-Changed-When: Sun, 21 Mar 2010 21:26:18 +0000
 >  > State-Changed-Why:
 >  > I couldn't see any security issues listed for 1.3.2c on www.proftpd.org.
 >  > However, I have updated the package to 1.3.3 anyway.
 >  >
 >  >
 >  >
 >  >
 >  >   
 >  No the website does not mention that ... just the  
 >  pkg-vulnerability-list  does mention that and building the package on a 
 >  system that does not have ALLOW_VULNERABLE_PACKAGES=yes does not work. 
 >  As here on site this is not allowed I didn't have a choice but to ask 
 >  for a bump up in version due to the patches that came with pkgsrc-2009Q4 
 >  it was impossible to modify the package myself. (I tried to rework the 
 >  patches when they failed but didn't succeed. The Makefile and digest 
 >  were no problem but the patches on the package kept failing)
 >  
 >  Regards.
 >  
 >  Michael
 >  
 >   
 PS See
 
 Package proftpd-1.3.2c has a spoofing-attacks vulnerability, see 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3639 for the reason it 
fails to build.

Prev by Date: Re: pkg/43024 (proftpd needs to be updated to 1.3.3 to fix the security issues)
Next by Date: Re: pkg/38387 (pkgsrc-2008Q1 fails to bootstrap on OpenSolaris. Compiles OK but ...)
Previous by Thread: Re: pkg/43024 (proftpd needs to be updated to 1.3.3 to fix the security issues)
Next by Thread: PR/42920 CVS commit: pkgsrc/net/ktorrent-kde3
Indexes:

Home | Main Index | Thread Index | Old Index