Should I be expecting an update of the package, or should I patch the
package myself (I didn't see a patch in the announcement I see night
after night), or should I just hope no one knows I'm running mysql?

I'm just not sure what audit-packages does for me.

If I were to receive a security annoucement, I'd know there were fixes
already in place. At this point I think I've seen a warning from
audit-packages three nights in a row with no cvs commits to
pkgsrc/databases.

-- 
Hisashi T Fujinaka - htodd@twofifty.com
BSEE(6/86) + BSChem(3/95) + BAEnglish(8/95) + MSCS(8/03) + $2.50 = latte