Subject: Re: NetBSD Security Advisory 2001-001
To: None <>
From: Nick <>
List: current-users
Date: 02/11/2001 20:28:48
On Sun, Feb 11, 2001 at 02:22:35PM +1100, NetBSD Security Officer wrote:
>                  NetBSD Security Advisory 2001-001
>                  =================================
> Topic:          Multiple BIND vulnerabilities
> Version:        All release versions of NetBSD, and NetBSD-current
> Severity:       Remote root execution of commands is possible
> Fixed:          NetBSD-current:    January 27, 2001
>                 NetBSD 1.5 branch: January 28, 2001
>                 NetBSD 1.4 branch: January 28, 2001

I hope that this one doesn't come off as bashing or ranting...

Maybe I am not reading the right mailing lists, but doesn't it seem
like the NetBSD user community should hear about this sort of thing
sooner?  I've been seeing noise on Bugtraq about it for a while now
but I never saw a NetBSD Sec. Advisory until today.  It makes me
sort of uneasy to know these vulnerabilities were common knowledge
for so long without an advisory.

Is it a bad idea to rely on the NetBSD Security Advisories to keep
up-to-date on vulnerabilites in NetBSD?

Nick Maniscalco