Subject: security/ssh vs distfiles/vulnerabilities
To: None <firstname.lastname@example.org>
From: David Maxwell <email@example.com>
Date: 06/13/2001 19:25:45
Just point me to the thread if I missed a discussion...
Right now distfiles/vulnerabilities says ssh<1.2.31 is vulnerable.
The latest version in pkgsrc is 1.2.27nb1, whose patch-ac seems to
address the issue that the vulnerabilities file points to.
So... should security/ssh be marked BROKEN, or the entry in
vulnerabilties be removed, or... something else?
Currently the package is 'clean', but audit-packages reports it broken.
David Maxwell, firstname.lastname@example.orgemail@example.com --> Unless you have a solution
when you tell them things like that, most people collapse into a gibbering,
unthinking mass. This is the same reason why you probably don't tell your
boss about everything you read on BugTraq! - Signal 11