[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

math/graphviz: New license and unsafe use of tmp files.

To: ports_(_at_)_openbsd_(_dot_)_org
Subject: math/graphviz: New license and unsafe use of tmp files.
From: Sigfred Håversen <bsdlist_(_at_)_mumak_(_dot_)_com>
Date: Fri, 18 Nov 2005 18:36:23 +0100


December 2004 Graphviz changed their license to Common Public License (CPL),
as may be seen: http://www.graphviz.org/News.php This should make it
less of a hassle to install it as it should not be needed to manually
agree to the (now old) license when building the port.

Graphviz uses tmp files in an unsafe way, and from the advisory
it seems the OpenBSD version might be vulnerable as well:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2965

/Sigfred

Follow-Ups:
- Re: math/graphviz: New license and unsafe use of tmp files.
  - From: Christian Weisgerber

Prev by Date: Re: RFC: inputmethod category
Next by Date: Re: Extra libs
Previous by thread: Mozilla Firefox 1.5rc3
Next by thread: Re: math/graphviz: New license and unsafe use of tmp files.
Index(es):
- Date
- Thread

Visit your host, monkey.org