Subject: What to do about unfixed vulnerabilities?
To: None <firstname.lastname@example.org, email@example.com>
From: Paul Hoffman <firstname.lastname@example.org>
Date: 10/23/2000 09:12:21
The new audit-packages package is quite nice, and thanks for the work
that went into it. I run it, and it tells me:
Package pine-4.21 has a denial-of-service vulnerability,
Yes, but pine-4.21 is the current version of pine. Maybe you can put
a note in the NetBSD vulnerability list explaining either (a) where
in pkgsrc to get the update or (b) don't bother to look, it hasn't
been fixed yet.