Subject: security/ssh vs distfiles/vulnerabilities
To: None <>
From: David Maxwell <>
List: tech-pkg
Date: 06/13/2001 19:25:45
Just point me to the thread if I missed a discussion...

Right now distfiles/vulnerabilities says ssh<1.2.31 is vulnerable.

The latest version in pkgsrc is 1.2.27nb1, whose patch-ac seems to
address the issue that the vulnerabilities file points to.

So... should security/ssh be marked BROKEN, or the entry in
vulnerabilties be removed, or... something else?

Currently the package is 'clean', but audit-packages reports it broken.
That's bad.

David Maxwell,| --> Unless you have a solution
when you tell them things like that, most people collapse into a gibbering, 
unthinking mass.  This is the same reason why you probably don't tell your 
boss about everything you read on BugTraq!    - Signal 11