Subject: Re: package with security hole not flagged at build time
To: Steven M. Bellovin <>
From: Adrian Portelli <>
List: pkgsrc-users
Date: 01/13/2007 16:19:51
Steven M. Bellovin wrote:
>>> 		--Steve Bellovin,
>> Just as a matter of interest if you install the package and then run
>> audit-packages does it pick it up as being vulnerable ?
> Yes...
> 		--Steve Bellovin,

Hi Steven,

Just one additional bit of information . . .

Do you have PKGVULNDIR set anywhere (mk.conf, audit-packages.conf,
environment) or have you played with it of late ?