pkgsrc-Bugs archive


Re: pkg/50082 (suse131 packages are outdated)



The following reply was made to PR pkg/50082; it has been noted by GNATS.

From: Rin Okuyama <okuyama%flex.phys.tohoku.ac.jp@localhost>
To: gnats-bugs%NetBSD.org@localhost, pkg-manager%netbsd.org@localhost, pkgsrc-bugs%netbsd.org@localhost,
 gnats-admin%netbsd.org@localhost, wiz%NetBSD.org@localhost
Cc: 
Subject: Re: pkg/50082 (suse131 packages are outdated)
Date: Wed, 29 Jul 2015 11:26:24 +0900

 > Committed, thank you.
 > Can you please send a patch for the pkg-vulnerabilities file?
 
 Thank you for your commit.
 
 As a precaution, I tried to confirm that a vulnerability recorded in
 the pkg-vulnerabilities file, CVE-2014-4043, is actually resolved.
 
 The result is *very disappointing*. As I could not find their commit
 log for this vulnerability, I executed test code obtained from
 
   https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-4043
 
 and found this vulnerability remains! I also checked it on openSUSE
 13.1 installed in a virtual machine. In conclusion, the openSUSE community
 leaves the well-known vulnerability in their supported branch.
 
 Unfortunately, we can no longer trust packages provided by openSUSE.
 We may have two options: (1) check and fix every vulnerability for
 openSUSE, or (2) switch to a more reliable distribution. Both seem
 very hard though....
 

