Subject: Re: What to do about unfixed vulnerabilities?
To: Paul Hoffman <email@example.com>
From: Hisashi T Fujinaka <firstname.lastname@example.org>
Date: 10/23/2000 09:19:15
On Mon, 23 Oct 2000, Paul Hoffman wrote:
> The new audit-packages package is quite nice, and thanks for the work
> that went into it. I run it, and it tells me:
> Package pine-4.21 has a denial-of-service vulnerability,
> see http://www.securityfocus.com/advisories/2646
> Yes, but pine-4.21 is the current version of pine. Maybe you can put
> a note in the NetBSD vulnerability list explaining either (a) where
> in pkgsrc to get the update or (b) don't bother to look, it hasn't
> been fixed yet.
In general, the answer is (b), but I think the netbsd version was
patched. I can't find a new or beta version on the official pine
site. Maybe Mark Crispin isn't convinced he's done anything wrong (again).
Hisashi T Fujinaka - email@example.com
BSEE (6/86) + BSChem (3/95) + BAEnglish (8/95) + $2.50 = mocha latte