seamonkey port security issue - BSD

This is a discussion on seamonkey port security issue - BSD ; Hello Everyone, I have Seamonkey 1.1.4 on my system (built from ports) which has been complaining for some time now each time I run portaudit. For this reason I decided to upgrade it, but when I tried to build Seamonkey ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: seamonkey port security issue

  1. seamonkey port security issue


    Hello Everyone,
    I have Seamonkey 1.1.4 on my system (built from ports) which has been
    complaining for some time now each time I run portaudit. For this reason I
    decided to upgrade it, but when I tried to build Seamonkey 1.1.5 about a
    week ago the build stopped saying that 1.1.5 has known vulnerability
    issues. So I waited 7-10 days and today I got the same result (always after
    cvsup, of course).
    So it seems to me that the latest version in the ports collection is
    Seamonkey 1.1.5, but that has know vulnerabilities therefore cannot be
    built and 1.1.4 cannot be upgraded.

    So what is the next step now?
    Should I expect another (fixed) version of Seamonkey appering soon, or
    should I build 1.1.5 which is probably still better than 1.1.4, or should I
    leave my 1.1.4 as 1.1.5 has vulnerabilities too?

    Regards,
    Keve

    --
    if you need to reply directly:
    keve(at)mail(dot)poliod(dot)hu

  2. Re: seamonkey port security issue

    Keve Nagy writes:

    > Hello Everyone,
    > I have Seamonkey 1.1.4 on my system (built from ports) which has been
    > complaining for some time now each time I run portaudit. For this reason I
    > decided to upgrade it, but when I tried to build Seamonkey 1.1.5 about a
    > week ago the build stopped saying that 1.1.5 has known vulnerability
    > issues. So I waited 7-10 days and today I got the same result (always after
    > cvsup, of course).
    > So it seems to me that the latest version in the ports collection is
    > Seamonkey 1.1.5, but that has know vulnerabilities therefore cannot be
    > built and 1.1.4 cannot be upgraded.


    If you don't want vulnerability check, you can set an environment
    `DISABLE_VULNERABILITIES' by:

    setenv DISABLE_VULNERABILITIES (csh)
    export DISABLE_VULNERABILITIES (sh/bash)

    >
    > So what is the next step now?
    > Should I expect another (fixed) version of Seamonkey appering soon, or
    > should I build 1.1.5 which is probably still better than 1.1.4, or should I
    > leave my 1.1.4 as 1.1.5 has vulnerabilities too?


    Anyway, if you consider security seriously, you can use `www/firefox',
    which is not much different from `www/seamonkey'. The former is just a
    browser while the latter is a bunch of brower, mail client.... etc.

    >
    > Regards,
    > Keve
    >
    > --
    > if you need to reply directly:
    > keve(at)mail(dot)poliod(dot)hu


    --
    And God spake unto Moses, and said unto him, I am the LORD:
    -- Exodus 6:2

  3. Re: seamonkey port security issue

    darcsis@gmail.com (Denise H. G.) writes:

    > Keve Nagy writes:
    >
    >> Hello Everyone,
    >> I have Seamonkey 1.1.4 on my system (built from ports) which has been
    >> complaining for some time now each time I run portaudit. For this reason I
    >> decided to upgrade it, but when I tried to build Seamonkey 1.1.5 about a
    >> week ago the build stopped saying that 1.1.5 has known vulnerability
    >> issues. So I waited 7-10 days and today I got the same result (always after
    >> cvsup, of course).
    >> So it seems to me that the latest version in the ports collection is
    >> Seamonkey 1.1.5, but that has know vulnerabilities therefore cannot be
    >> built and 1.1.4 cannot be upgraded.

    >
    > If you don't want vulnerability check, you can set an environment
    > `DISABLE_VULNERABILITIES' by:
    >
    > setenv DISABLE_VULNERABILITIES (csh)
    > export DISABLE_VULNERABILITIES (sh/bash)


    Sorry, a type....
    It should be `export DISABLE_VULNERABILITIES='

    >
    >>
    >> So what is the next step now?
    >> Should I expect another (fixed) version of Seamonkey appering soon, or
    >> should I build 1.1.5 which is probably still better than 1.1.4, or should I
    >> leave my 1.1.4 as 1.1.5 has vulnerabilities too?

    >
    > Anyway, if you consider security seriously, you can use `www/firefox',
    > which is not much different from `www/seamonkey'. The former is just a
    > browser while the latter is a bunch of brower, mail client.... etc.
    >
    >>
    >> Regards,
    >> Keve
    >>
    >> --
    >> if you need to reply directly:
    >> keve(at)mail(dot)poliod(dot)hu

    >
    > --
    > And God spake unto Moses, and said unto him, I am the LORD:
    > -- Exodus 6:2


    --
    And God spake unto Moses, and said unto him, I am the LORD:
    -- Exodus 6:2

  4. Re: seamonkey port security issue

    In article <5o8ol7Flpu82U1@mid.individual.net>,
    Keve Nagy wrote:
    >
    >Hello Everyone,
    >I have Seamonkey 1.1.4 on my system (built from ports) which has been
    >complaining for some time now each time I run portaudit. For this reason I
    >decided to upgrade it, but when I tried to build Seamonkey 1.1.5 about a
    >week ago the build stopped saying that 1.1.5 has known vulnerability
    >issues. So I waited 7-10 days and today I got the same result (always after
    >cvsup, of course).
    >So it seems to me that the latest version in the ports collection is
    >Seamonkey 1.1.5, but that has know vulnerabilities therefore cannot be
    >built and 1.1.4 cannot be upgraded.
    >
    >So what is the next step now?


    "man port" will tell you how you can tell the ports system to
    ignore the vulnerabilies.

    >Should I expect another (fixed) version of Seamonkey appering soon, or
    >should I build 1.1.5 which is probably still better than 1.1.4, or should I
    >leave my 1.1.4 as 1.1.5 has vulnerabilities too?


    I would assume that 1.1.5 fixes other known bugs. It general
    it is best to stay current.

    >Regards,
    >Keve
    >
    >--
    >if you need to reply directly:
    >keve(at)mail(dot)poliod(dot)hu




  5. Re: seamonkey port security issue

    Keve Nagy wrote:
    >
    > I have Seamonkey 1.1.4 on my system (built from ports) which has been
    > complaining for some time now each time I run portaudit. For this reason I
    > decided to upgrade it, but when I tried to build Seamonkey 1.1.5 about a
    > week ago the build stopped saying that 1.1.5 has known vulnerability
    > issues. So I waited 7-10 days and today I got the same result (always after
    > cvsup, of course).
    > So it seems to me that the latest version in the ports collection is
    > Seamonkey 1.1.5, but that has know vulnerabilities therefore cannot be
    > built and 1.1.4 cannot be upgraded.
    >
    > So what is the next step now?
    > Should I expect another (fixed) version of Seamonkey appering soon, or
    > should I build 1.1.5 which is probably still better than 1.1.4, or should I
    > leave my 1.1.4 as 1.1.5 has vulnerabilities too?


    Go to the link provided and see if you think the vulnerability applies
    to your situation. If it doesn't, you can force the port build with

    make -DDISABLE_VULNERABILITIES install

    Otherwise, wait for a fixed version of Seamonkey to make its way from
    Mozilla to the ports. Or switch to Firefox and Thunderbird--which may
    have their own vulnerabilities.

    --
    Warren Block * Rapid City, South Dakota * USA

+ Reply to Thread