Subject: Re: package with security hole not flagged at build time
To: Steven M. Bellovin <email@example.com>
From: Adrian Portelli <firstname.lastname@example.org>
Date: 01/13/2007 16:19:51
Steven M. Bellovin wrote:
>>> --Steve Bellovin, http://www.cs.columbia.edu/~smb
>> Just as a matter of interest if you install the package and then run
>> audit-packages does it pick it up as being vulnerable ?
> --Steve Bellovin, http://www.cs.columbia.edu/~smb
Just one additional bit of information . . .
Do you have PKGVULNDIR set anywhere (mk.conf, audit-packages.conf,
environment) or have you played with it of late ?