Lynx -vulnerabilities- is this permanent?
Remko Lodder
remko at elvandar.org
Thu Apr 26 07:20:36 UTC 2007
On Wed, Apr 25, 2007 at 03:50:53PM +0800, Foxfair Hu wrote:
> Simon L. Nielsen wrote:
> >On 2007.04.19 19:01:39 +0800, Foxfair Hu wrote:
> >>vuxml -> security-team's baby.
> >>Cc added.
> >
> >The problem is caused by interesting version numbering in the
> >www/lynx-current port which now conflicts with www/lynx:
> >
> >[simon at zaphod:lynx-current] make -V PKGNAME
> >lynx-2.8.7d4
> >
> >Basically the problem was fixed in lynx-current (I assume, I haven't
> >checked) 2.8.6d14 which really should have been 2.8.6.d14 to avoid
> >problems like this.
> >
> >[simon at zaphod:~] pkg_version -t 2.8.6d14 2.8.6_4
> >[simon at zaphod:~] pkg_version -t 2.8.6.d14 2.8.6_4
> ><
> >
> >I will try to have a look at how to work around this tonight, but I
> >don't know if I will get to it today.
> >
>
> [Cut off individuals Cc]
>
> Can we remove 2nd and 4th entry? Look at the version info on lynx
> site, I don't think current statement is a correct one:
>
> lynx >2.8.6* <2.8.6d14
> ja-lynx >2.8.6* <2.8.6d14
>
> Diff as below:
> -----------------------------
> cvs diff: Diffing .
> Index: vuln.xml
> ===================================================================
> RCS file: /home/pcvs/ports/security/vuxml/vuln.xml,v
> retrieving revision 1.1317
> diff -u -d -b -w -r1.1317 vuln.xml
> --- vuln.xml 23 Apr 2007 14:12:10 -0000 1.1317
> +++ vuln.xml 25 Apr 2007 04:01:21 -0000
> @@ -11487,7 +11487,6 @@
> <name>lynx</name>
> <name>ja-lynx</name>
> <range><lt>2.8.5_1</lt></range>
> - <range><gt>2.8.6*</gt><lt>2.8.6d14</lt></range>
> </package>
> <package>
> <name>lynx-ssl</name>
Hello Foxfair,
I think this is not a good idea; as long as 2.8.6X is vulnerable and some of them
are not, we need to mark them up, you are currently proposing to delist it which
isn't a really good idea.
Cheers,
remko
--
Kind regards,
Remko Lodder ** remko at elvandar.org
FreeBSD ** remko at FreeBSD.org
/* Quis custodiet ipsos custodes */
More information about the freebsd-ports
mailing list