NetBSD Problem Report #30340
From perry@piermont.com Wed May 25 19:39:04 2005
Return-Path: <perry@piermont.com>
Received: from hackworth.piermont.com (hackworth.piermont.com [166.84.151.68])
by narn.netbsd.org (Postfix) with ESMTP id 2435363B104
for <gnats-bugs@gnats.NetBSD.org>; Wed, 25 May 2005 19:39:04 +0000 (UTC)
Message-Id: <20050525193903.97E3E78AE34@hackworth.piermont.com>
Date: Wed, 25 May 2005 15:39:03 -0400 (EDT)
From: perry@piermont.com
Reply-To: perry@piermont.com
To: gnats-bugs@netbsd.org
Subject: realplayer and RealPlayerGold packages not security updated
X-Send-Pr-Version: 3.95
>Number: 30340
>Category: pkg
>Synopsis: realplayer and RealPlayerGold packages not security updated
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed May 25 19:40:00 +0000 2005
>Closed-Date: Wed May 25 19:49:19 +0000 2005
>Last-Modified: Wed May 25 19:49:19 +0000 2005
>Originator: Perry E. Metzger
>Release: NetBSD 3.99.5
>Organization:
Perry E. Metzger perry@piermont.com
--
"Ask not what your country can force other people to do for you..."
>Environment:
System: NetBSD hackworth 3.99.5 NetBSD 3.99.5 (HACKWORTH) #0: Tue May 24 13:32:09 EDT 2005 perry@hackworth:/usr/src/sys/arch/i386/compile/HACKWORTH i386
Architecture: i386
Machine: i386
>Description:
The multimedia/realplayer and multimedia/RealPlayerGold
packages both have security holes. However, they have not been
updated to versions of the program without security holes. (It
appears such versions are available. See, for example,
https://player.helixcommunity.org/2004/downloads/ )
Without such an update, a user of the application is forced to
either run an insecure version or to forgo the use of the
application.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed
State-Changed-By: wiz@netbsd.org
State-Changed-When: Wed, 25 May 2005 19:49:19 +0000
State-Changed-Why:
We know.
The new versions are already noted in pkgsrc/doc/TODO,
and pkg-vulnerabilities is already complaining about it.
The maintainer for both of them is tech-pkg, so there is
no "responsible" person. Feel free to provide an update!
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.