Subject: Re: What to do about unfixed vulnerabilities?
To: Paul Hoffman <>
From: Hisashi T Fujinaka <>
List: tech-pkg
Date: 10/23/2000 09:19:15
On Mon, 23 Oct 2000, Paul Hoffman wrote:

> The new audit-packages package is quite nice, and thanks for the work 
> that went into it. I run it, and it tells me:
>      Package pine-4.21 has a denial-of-service vulnerability,
>      see
> Yes, but pine-4.21 is the current version of pine. Maybe you can put 
> a note in the NetBSD vulnerability list explaining either (a) where 
> in pkgsrc to get the update or (b) don't bother to look, it hasn't 
> been fixed yet.

In general, the answer is (b), but I think the netbsd version was
patched. I can't find a new or beta version on the official pine
site. Maybe Mark Crispin isn't convinced he's done anything wrong (again).

Hisashi T Fujinaka -
BSEE (6/86) + BSChem (3/95) + BAEnglish (8/95) + $2.50 = mocha latte