Subject: Re: package with security hole not flagged at build time
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Adrian Portelli <adrianp@stindustries.net>
List: pkgsrc-users
Date: 01/13/2007 16:19:51
Steven M. Bellovin wrote:
...
>>> 		--Steve Bellovin, http://www.cs.columbia.edu/~smb
>> Just as a matter of interest if you install the package and then run
>> audit-packages does it pick it up as being vulnerable ?
>>
> 
> Yes...
> 
> 		--Steve Bellovin, http://www.cs.columbia.edu/~smb

Hi Steven,

Just one additional bit of information . . .

Do you have PKGVULNDIR set anywhere (mk.conf, audit-packages.conf,
environment) or have you played with it of late ?

thanks,

adrian.