Subject: What to do about unfixed vulnerabilities?
To: None <,>
From: Paul Hoffman <>
List: tech-pkg
Date: 10/23/2000 09:12:21
The new audit-packages package is quite nice, and thanks for the work 
that went into it. I run it, and it tells me:

     Package pine-4.21 has a denial-of-service vulnerability,

Yes, but pine-4.21 is the current version of pine. Maybe you can put 
a note in the NetBSD vulnerability list explaining either (a) where 
in pkgsrc to get the update or (b) don't bother to look, it hasn't 
been fixed yet.