i'm trying to patch my system for the "NetBSD Security Advisory 2015-006: OpenSSL and SSLv3 vulnerabilities" but unable to update OpenSSL. I have NetBSD v6.1.5 sparc64 port and i thought i could just execute "cd /usr/pkgsrc && cvs update -dP" and then "cd /usr/pkgsrc/security/openssl && make update" but when i do that i get this output: # make update ===> Checking for vulnerabilities in openssl-1.0.1i Package openssl-1.0.1i has a multiple-vulnerabilities vulnerability, see https://www.openssl.org/news/secadv_20141015.txt Package openssl-1.0.1i has a multiple-vulnerabilities vulnerability, see http://www.openssl.org/news/secadv_20150108.txt Package openssl-1.0.1i has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 Package openssl-1.0.1i has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 Package openssl-1.0.1i has a multiple-vulnerabilities vulnerability, see https://www.openssl.org/news/secadv_20150319.txt ERROR: Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URL in pkg_install.conf(5) if this package is absolutely essential. *** Error code 1
Stop. make: stopped in /usr/pkgsrc/security/openssl *** Error code 1 Stop. make: stopped in /usr/pkgsrc/security/openssl # so it seems like there's no update available yet because in the security advisory it says the latest version is 1.0.1k. current version installed on the system is "OpenSSL 1.0.1i 6 Aug 2014" too.
