pkgsrc-bugs: pkg/32399: scponly: ALL VERSIONS PRIOR TO 4.2 ARE VULNERABLE; audit-packages is quiet

Subject: pkg/32399: scponly: ALL VERSIONS PRIOR TO 4.2 ARE VULNERABLE; audit-packages is quiet
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <netbsd@eq.cz>
List: pkgsrc-bugs
Date: 12/28/2005 11:35:00

>Number:         32399
>Category:       pkg
>Synopsis:       scponly: ALL VERSIONS PRIOR TO 4.2 ARE VULNERABLE; audit-packages is quiet
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Dec 28 11:35:00 +0000 2005
>Originator:     rudolf
>Release:        
>Organization:
>Environment:
>Description:
As reported on it's homepage (http://www.sublimation.org/scponly/), all versions prior to 4.2 have some security flaws. audit-packages should report it, but it doesn't.
>How-To-Repeat:
Install audit-packages and scponly from the latest stable pkgsrc (2005-Q4), download-vulnerability-list, launch audit-packages.
>Fix:
Add an entry to audit-packages db. Ideally upgrade the scponly package to unaffected version too.