Subject: Pkg sources that have exploits and I'd like updated
To: None <>
From: Ryan La Riviere <>
List: tech-pkg
Date: 03/04/2003 11:28:48
I have several packages that I run on my server that I'd like to be able to
update to the latest versions but the source is not current (and I'm not
adept at updating the packages to make them current).  Additionally, the
package's source are versions that have exploits.

The following is the output from `audit-packages`:

Package libmcrypt-2.4.22 has a remote-user-shell vulnerability, see
Package openssl-0.9.6g has a weak-encryption vulnerability, see
Package php-4.1.2 has a remote-code-execution vulnerability, see
Package sendmail-8.12.6nb1 has a remote-code-execution vulnerability, see

Thank you.


Mr. Ryan La Riviere
Project Manager; Mechanical Engineering and Mechanics
College of Engineering; Drexel University
Philadelphia, PA 19104

IM (AIM, Yahoo, MSN): edljedi
w: 215.895.6460
Finger for Geek Code: finger -l

Linux is obsolete -Andrew Tanenbaum