pkgsrc-Bugs archive
Re: pkg/50082 (suse131 packages are outdated)
The following reply was made to PR pkg/50082; it has been noted by GNATS.
From: Rin Okuyama <okuyama%flex.phys.tohoku.ac.jp@localhost>
To: gnats-bugs%NetBSD.org@localhost, pkg-manager%netbsd.org@localhost, pkgsrc-bugs%netbsd.org@localhost,
gnats-admin%netbsd.org@localhost, wiz%NetBSD.org@localhost
Cc:
Subject: Re: pkg/50082 (suse131 packages are outdated)
Date: Wed, 29 Jul 2015 11:26:24 +0900

> Committed, thank you.
> Can you please send a patch for the pkg-vulnerabilities file?

Thank you for your commit.

As a precaution, I tried to confirm that a vulnerability recorded in
the pkg-vulnerabilities file, CVE-2014-4043, is actually resolved.

The result is *very disappointing*. As I could not find their commit
log for this vulnerability, I executed test code obtained from
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-4043
and found this vulnerability remains! I also checked it on openSUSE
13.1 installed in a virtual machine. In conclusion, the openSUSE community
leaves the well-known vulnerability in their supported branch.

Unfortunately, we can no longer trust packages provided by openSUSE.
We may have two options: (1) check and fix every vulnerability for
openSUSE, or (2) switch to a more reliable distribution. Both seem
very hard though....