'pkg/11077: pkg-vulnerabilty handling should be improved?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netbsd-bugs
Subject:    pkg/11077: pkg-vulnerabilty handling should be improved?
From:       itojun () itojun ! org
Date:       2000-09-25 15:15:56
[Download RAW message or body]


> Number:         11077
> Category:       pkg
> Synopsis:       pkg-vulnerabilty handling should be improved?
> Confidential:   no
> Severity:       non-critical
> Priority:       medium
> Responsible:    pkg-manager
> State:          open
> Class:          sw-bug
> Submitter-Id:   net
> Arrival-Date:   Mon Sep 25 08:18:00 PDT 2000
> Closed-Date:
> Last-Modified:
> Originator:     Jun-ichiro itojun Hagino
> Release:        1.5F
> Organization:
	itojun.org
> Environment:
System: NetBSD starfruit.itojun.org 1.5F NetBSD 1.5F (STARFRUIT) #165: Mon Sep 25 \
04:17:57 JST 2000 itojun@starfruit.itojun.org:/usr/home/itojun/NetBSD/src/sys/arch/i386/compile/STARFRUIT \
i386


> Description:
	when we a vulnerability entry for a package, the following message is
	printed regardless of which version i'm installing.
	*** WARNING: Vulnerabilities in this package ***

	what "this package" means here is rather unclear to me.
	- did I install some binary that is vulnerable?
	- or, there are vulnerabilities in the past and the version
	  I'm using is okay?

	i'm using bsd.pkg.mk revision 1.579.
> How-To-Repeat:

# grep racoon ../../distfiles/vulnerabilities
racoon<20000923a        local-root-file-view    \
http://mail-index.netbsd.org/tech-net/2000/09/24/0000.html # grep DISTNAME Makefile
DISTNAME=       racoon-20000923a
WRKSRC=         ${WRKDIR}/${DISTNAME}/racoon
# make install
===> Installing for racoon-20000923a
*** WARNING: Vulnerabilities in this package ***
racoon<20000923a        local-root-file-view    \
                http://mail-index.netbsd.org/tech-net/2000/09/24/0000.html
/usr/bin/install -c -o root -g wheel -s -o bin -g bin -m 555 racoon /usr/pkg/sbin
/usr/bin/install -c -o root -g wheel -o bin -g bin -m 444 racoon.8 /usr/pkg/man/man8
/usr/bin/install -c -o root -g wheel -o bin -g bin -m 444 racoon.conf.5 \
                /usr/pkg/man/man5
/bin/mkdir -p /usr/pkg/share/doc/racoon
for i in FAQ README.certificate; do  install -c -o root -g wheel -m 444 \
/usr/home/itojun/NetBSD/pkgsrc/security/racoon/work/racoon-20000923a/racoon/doc/$i \
                /usr/pkg/share/doc/racoon;  done
/bin/mkdir -p /usr/pkg/share/examples/racoon
install -c -o root -g wheel -m 444 \
/usr/home/itojun/NetBSD/pkgsrc/security/racoon/work/racoon-20000923a/racoon/samples/racoon.conf.sample \
/usr/pkg/share/examples/racoon ===> Registering installation for racoon-20000923a

> Fix:
	don't know.
> Release-Note:
> Audit-Trail:
> Unformatted:


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic