Subject: HEADS UP: cvs, racoon, xchat* vulnerabilities
To: None <tech-pkg@NetBSD.org>
From: Thomas Klausner <wiz@NetBSD.org>
List: tech-pkg
Date: 04/16/2004 00:57:14
Hi!
Since ftp.netbsd.org is down, download-vulnerability-list
fails, so please note:
since 2004/04/09, the pkg-vulnerabilities file grew
by the following lines:
racoon<20040408a weak-authentication http://www.vuxml.org/freebsd/d8769838-8814-11d8-90d1-0020ed76ef5a.html
xchat<1.8.11nb7 remote-code-execution http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html
xchat-2.0.[0-7]* remote-code-execution http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html
xchat-2.0.8 remote-code-execution http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html
xchat-2.0.8nb1 remote-code-execution http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html
xchat-gnome<1.8.11nb7 remote-code-execution http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html
cvs<1.11.15 remote-file-write http://ccvs.cvshome.org/servlets/NewsItemView?newsID=102
Please verify if your installed packages are vulnerable;
pkgsrc contains fixed versions for all of the above.
Thomas