tech-pkg archive

---

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: upgrading xmlrpc-c

---

• To: Tim Zingelman <tez%netbsd.org@localhost>
• Subject: Re: upgrading xmlrpc-c
• From: Adam Ciarciński <adam%NetBSD.org@localhost>
• Date: 2012年11月15日 08:16:38 +0100

---

>>> Package xmlrpc-c-ss-1.16.42 has a denial-of-service vulnerability. It
>>> is also four years old. Is there any reason we don't upgrade it to
>>> 1.32?
>> 
>> Just updated to 1.16.43.
>> We use a super-stable branch, that's why it's not 1.32.
> 
> Adam,
> 
> Can you confirm that this update fixes http://secunia.com/advisories/50648/ ?
> 
> Thanks,
> 
> - Tim
Looking at http://xmlrpc-c.sourceforge.net/change.html it seems the 
vulnerability only applies to the advanced release (1.32.xx). The super stable 
release (1.16.xx), which we use in pkgsrc, should not be affected.
Kind regards,
Adam

---

• Follow-Ups:
  • Re: upgrading xmlrpc-c
    • From: D'Arcy J.M. Cain

• References:
  • upgrading xmlrpc-c
    • From: D'Arcy J.M. Cain
  • Re: upgrading xmlrpc-c
    • From: Adam Ciarciński
  • Re: upgrading xmlrpc-c
    • From: Tim Zingelman

---

• Prev by Date: Re: pkg_add problem with nosuid on /var
• Next by Date: Re: pkg_add problem with nosuid on /var
• Previous by Thread: Re: upgrading xmlrpc-c
• Next by Thread: Re: upgrading xmlrpc-c
• Indexes:
  • reverse Date
  • reverse Thread
  • Old Index

Home | Main Index | Thread Index | Old Index