Subject: Re: firefox problem
To: Marius ROMAN <marius.roman@gmail.com>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: pkgsrc-users
Date: 10/06/2006 15:36:48
On Fri, 6 Oct 2006 21:10:42 +0300, "Marius ROMAN" <marius.roman@gmail.com>
wrote:

> Using 2006Q3 I get these errors when trying to make a binary package (make
> package) with firefox:
> 
> => Required installed package digest>=20010302: digest-20060826 found
> ===> Checking for vulnerabilities in firefox-1.5.0.7
> ERROR: remote-information-exposure vulnerability in firefox-1.5.0.7 - see
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2894 for more
> information
> firefox{,-bin,-gtk1}-[0-9]*
> ERROR: Define ALLOW_VULNERABLE_PACKAGES if this package is absolutely
> essential
> *** Error code 1
> 
> Stop.
> make: stopped in /usr/pkgsrc/www/firefox
> 
> Does anyone encounter this problem ?
> 
Yes -- as far as I know, it's a legitimate warning because no fix is
available.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb