Subject: pkg/14243: audit-packages calculates versions wrong
To: None <gnats-bugs@gnats.netbsd.org>
From: Kimmo Suominen <kim@tac.nyc.ny.us>
List: netbsd-bugs
Date: 10/14/2001 10:41:25
>Number:         14243
>Category:       pkg
>Synopsis:       audit-packages calculates versions wrong
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Oct 14 07:42:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Kimmo Suominen
>Release:        audit-packages-1.10
>Organization:
 _   _
| |_(_)_ __
| / / | '  \   Kimmo Suominen
|_\_\_|_|_|_|  kim@tac.nyc.ny.us
>Environment:
System: NetBSD pit.astron.com 1.5_ALPHA2 NetBSD 1.5_ALPHA2 (SHARK) #0: Mon Sep 11 19:18:38 PDT 2000 matt@sand.local:/other/arm32/kobj/SHARK arm32
>Description:
audit-packages tells me openssh-2.9.9p2 is vulnerable, even though
the vulnerabilities file lists the shown vulnerability as valid only
for versions earlier than 2.9p2.
>How-To-Repeat:
pit:...usr.bin/gawk# audit-packages
Package openssh-2.9.9p2 has a remote-file-write vulnerability, see http://www.openbsd.org/errata.html#sshcookie
>Fix:
I already brought awk (gawk) up to date, and that did not help.
>Release-Note:
>Audit-Trail:
>Unformatted: