Subject: Re: audit-packages
To: Emmanuel Dreyfus <manu@NetBSD.org>
From: grant beattie <grant@NetBSD.org>
List: tech-pkg
Date: 09/23/2003 14:33:28

On Mon, Sep 22, 2003 at 03:04:36AM -0400, Emmanuel Dreyfus wrote:

> I have this in my daily security check:
> 
> Running /etc/security.local:
> Package sendmail-8.12.10 has a remote-code-execution vulnerability, see
> +http://www.cert.org/advisories/CA-2003-07.html
> Package sendmail-8.12.10 has a denial-of-service vulnerability, see
> +http://www.sendmail.org/dnsmap1.html
> 
> audit-packages seems confused by 2-digit version numbers (i.e., it thinks
> 10 < 9). Is it a known problem?

I'm not seeing this here after I fixed it last week, and I'm using
this revision:

     $NetBSD: pkg-vulnerabilities,v 1.341 2003/09/22 16:37:49 wiz Exp $

grant.
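
The ordering problem the quoted report suspects (10 sorting below 9), as an added example that is not part of either message and is not audit-packages' own code: a plain string comparison next to a per-component numeric one, run over constructed vulnerability entries. The names `lexical_lt`, `dewey_lt` and `audit`, the entry thresholds and the example.invalid URLs are assumptions made for illustration; suffixes such as `nb1` are not handled.

```shell
#!/bin/sh
# Constructed entries in "name<version type url" form (illustrative only).
VULNS='sendmail<8.12.8 remote-code-execution http://example.invalid/advisory-1
sendmail<8.12.9 denial-of-service http://example.invalid/advisory-2'

# lexical_lt A B: true if A sorts before B as a plain string.
# This is the faulty ordering: "8.12.10" < "8.12.9" because '1' < '9'.
lexical_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN { exit !((a "") < (b "")) }'
}

# dewey_lt A B: true if A is lower than B when each dotted component
# is compared as a number; missing components count as 0.
dewey_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0
            q = (i <= nb) ? y[i] + 0 : 0
            if (p != q) exit !(p < q)
        }
        exit 1   # equal versions are not "less than"
    }'
}

# audit PKG CMP: print the type of every entry that CMP says PKG falls under.
audit() {
    pkg=$1 cmp=$2
    name=${pkg%-*} ver=${pkg##*-}
    printf '%s\n' "$VULNS" | while read -r pat type url; do
        [ "${pat%%<*}" = "$name" ] || continue
        if "$cmp" "$ver" "${pat#*<}"; then
            echo "$type"
        fi
    done
}

echo "string comparison flags sendmail-8.12.10 for:"
audit sendmail-8.12.10 lexical_lt
echo "numeric comparison flags sendmail-8.12.10 for:"
audit sendmail-8.12.10 dewey_lt
```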