[prev in list] [next in list] [prev in thread] [next in thread]
List: netbsd-bugs
Subject: pkg/11077: pkg-vulnerabilty handling should be improved?
From: itojun () itojun ! org
Date: 2000-09-25 15:15:56
[Download RAW message or body]
> Number: 11077
> Category: pkg
> Synopsis: pkg-vulnerabilty handling should be improved?
> Confidential: no
> Severity: non-critical
> Priority: medium
> Responsible: pkg-manager
> State: open
> Class: sw-bug
> Submitter-Id: net
> Arrival-Date: Mon Sep 25 08:18:00 PDT 2000
> Closed-Date:
> Last-Modified:
> Originator: Jun-ichiro itojun Hagino
> Release: 1.5F
> Organization:
itojun.org
> Environment:
System: NetBSD starfruit.itojun.org 1.5F NetBSD 1.5F (STARFRUIT) #165: Mon Sep 25 \
04:17:57 JST 2000 itojun@starfruit.itojun.org:/usr/home/itojun/NetBSD/src/sys/arch/i386/compile/STARFRUIT \
i386
> Description:
when we a vulnerability entry for a package, the following message is
printed regardless of which version i'm installing.
*** WARNING: Vulnerabilities in this package ***
what "this package" means here is rather unclear to me.
- did I install some binary that is vulnerable?
- or, there are vulnerabilities in the past and the version
I'm using is okay?
i'm using bsd.pkg.mk revision 1.579.
> How-To-Repeat:
# grep racoon ../../distfiles/vulnerabilities
racoon<20000923a local-root-file-view \
http://mail-index.netbsd.org/tech-net/2000/09/24/0000.html # grep DISTNAME Makefile
DISTNAME= racoon-20000923a
WRKSRC= ${WRKDIR}/${DISTNAME}/racoon
# make install
===> Installing for racoon-20000923a
*** WARNING: Vulnerabilities in this package ***
racoon<20000923a local-root-file-view \
http://mail-index.netbsd.org/tech-net/2000/09/24/0000.html
/usr/bin/install -c -o root -g wheel -s -o bin -g bin -m 555 racoon /usr/pkg/sbin
/usr/bin/install -c -o root -g wheel -o bin -g bin -m 444 racoon.8 /usr/pkg/man/man8
/usr/bin/install -c -o root -g wheel -o bin -g bin -m 444 racoon.conf.5 \
/usr/pkg/man/man5
/bin/mkdir -p /usr/pkg/share/doc/racoon
for i in FAQ README.certificate; do install -c -o root -g wheel -m 444 \
/usr/home/itojun/NetBSD/pkgsrc/security/racoon/work/racoon-20000923a/racoon/doc/$i \
/usr/pkg/share/doc/racoon; done
/bin/mkdir -p /usr/pkg/share/examples/racoon
install -c -o root -g wheel -m 444 \
/usr/home/itojun/NetBSD/pkgsrc/security/racoon/work/racoon-20000923a/racoon/samples/racoon.conf.sample \
/usr/pkg/share/examples/racoon ===> Registering installation for racoon-20000923a
> Fix:
don't know.
> Release-Note:
> Audit-Trail:
> Unformatted:
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic