tech-pkg: audit-packages

Subject: audit-packages
To: None <tech-pkg@netbsd.org>
From: Emmanuel Dreyfus <manu@netbsd.org>
List: tech-pkg
Date: 09/22/2003 03:04:36

Hi 

I have this in my daily security check:

Running /etc/security.local:
Package sendmail-8.12.10 has a remote-code-execution vulnerability, see
+http://www.cert.org/advisories/CA-2003-07.html
Package sendmail-8.12.10 has a denial-of-service vulnerability, see
+http://www.sendmail.org/dnsmap1.html

audit-packages seems confused by 2 digit version numbers (ie: it thinks
10 < 9). Is it a known problem?

-- 
Emmanuel Dreyfus
manu@netbsd.org