Subject: Re: Mailman vulnerability
To: Lubomir Sedlacik <salo@Xtrmntr.org>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: current-users
Date: 12/10/2005 10:29:33
In message <20051210151347.GG12942@Xtrmntr.org>, Lubomir Sedlacik writes:
>
>On Sat, Dec 10, 2005 at 09:29:06AM -0500, D'Arcy J.M. Cain wrote:
>> On Sat, 10 Dec 2005 09:07:09 -0500 Steven M. Bellovin wrote:
>> > I was poking around the Mailman site a few days ago, and did not see
>> > any official fix for it there.  We'd have to import the Debian fix
>> > mentioned in the advisory.
>>
>> That's my point.  It looks like we already did but it still complains.
>
>how old is your pkg-vulnerabilities file?  the version number was
>corrected after the fix was committed in revision 1.1245.

I still see the problem with 1.1252.
>
>and why is this discussed on current-users?  please contact the pkgsrc
>security team at pkgsrc-security@ when in doubt about
>pkg-vulnerabilities and related issues.  thanks,
>

Added to my cc list; current-users kept because that's where the issue 
was raised.

# ident /usr/pkgsrc/distfiles/pkg-vulnerabilities  
/usr/pkgsrc/distfiles/pkg-vulnerabilities:
     $NetBSD: pkg-vulnerabilities,v 1.1252 2005/12/09 00:10:01 adrianp Exp $
# grep 'mailman.*1542' /usr/pkgsrc/distfiles/pkg-vulnerabilities
mailman<2.6.1nb1        1542,denial-of-service          http://secunia.com/advisories/17511/
# pwd
/usr/pkgsrc/mail/mailman
# cvs -q update -P -d
# make
===> Checking for vulnerabilities in mailman-2.1.6nb1
*** WARNING - 1542,denial-of-service vulnerability in mailman-2.1.6nb1 - see http://secunia.com/advisories/17511/ for more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
*** Error code 1

Stop.
make: stopped in /usr/pkgsrc/mail/mailman
*** Error code 1

Stop.
make: stopped in /usr/pkgsrc/mail/mailman