Subject: Re: RSAREF2 buffer overflow?
To: Aaron J. Grier <firstname.lastname@example.org>
From: Bill Sommerfeld <email@example.com>
Date: 12/14/1999 16:18:50
> apologies if this is the wrong list, but tech-security looks like it's
> been dead for almost six months...
> I know this doesn't apply to those outside the US , but the
> NetBSD-specific section in the recent CERT advisory regarding buffer
> overflows in RSAREF2 says basically "we advise recompiling things to not
> use RSAREF2." What about those of us who (for legal or other reasons)
> don't have the option?
This looks like the result of a left hand vs. right hand disconnect.
Patches for this problem were checked into pkgsrc on december 2nd.
> should I send-pr this?
No, it's already fixed.. too bad it's too late to fix the advisory.