NetBSD Problem Report #30340

From perry@piermont.com  Wed May 25 19:39:04 2005
Return-Path: <perry@piermont.com>
Received: from hackworth.piermont.com (hackworth.piermont.com [166.84.151.68])
	by narn.netbsd.org (Postfix) with ESMTP id 2435363B104
	for <gnats-bugs@gnats.NetBSD.org>; Wed, 25 May 2005 19:39:04 +0000 (UTC)
Message-Id: <20050525193903.97E3E78AE34@hackworth.piermont.com>
Date: Wed, 25 May 2005 15:39:03 -0400 (EDT)
From: perry@piermont.com
Reply-To: perry@piermont.com
To: gnats-bugs@netbsd.org
Subject: realplayer and RealPlayerGold packages not security updated
X-Send-Pr-Version: 3.95

>Number:         30340
>Category:       pkg
>Synopsis:       realplayer and RealPlayerGold packages not security updated
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed May 25 19:40:00 +0000 2005
>Closed-Date:    Wed May 25 19:49:19 +0000 2005
>Last-Modified:  Wed May 25 19:49:19 +0000 2005
>Originator:     Perry E. Metzger
>Release:        NetBSD 3.99.5
>Organization:
Perry E. Metzger		perry@piermont.com
--
"Ask not what your country can force other people to do for you..."
>Environment:


System: NetBSD hackworth 3.99.5 NetBSD 3.99.5 (HACKWORTH) #0: Tue May 24 13:32:09 EDT 2005 perry@hackworth:/usr/src/sys/arch/i386/compile/HACKWORTH i386
Architecture: i386
Machine: i386
>Description:

	The multimedia/realplayer and multimedia/RealPlayerGold
	packages both have security holes. However, they have not been
	updated to versions of the program without security holes. (It
	appears such versions are available. See, for example, 
	    https://player.helixcommunity.org/2004/downloads/ )
	Without such an update, a user of the application is forced to
	either run an insecure version or to forgo the use of the
	application.

>How-To-Repeat:

>Fix:


>Release-Note:

>Audit-Trail:

State-Changed-From-To: open->closed
State-Changed-By: wiz@netbsd.org
State-Changed-When: Wed, 25 May 2005 19:49:19 +0000
State-Changed-Why:
We know.
The new versions are already noted in pkgsrc/doc/TODO,
and pkg-vulnerabilities is already complaining about it.
The maintainer for both of them is tech-pkg, so there is
no "responsible" person. Feel free to provide an update!


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.