Subject: Re: mpg123 buffer overflow vulnerability (fwd)
To: Georg Schwarz <>
From: Hubert Feyrer <>
List: tech-pkg
Date: 09/09/2004 22:03:31
On Thu, 9 Sep 2004, Georg Schwarz wrote:
> A quick question: since mpg123 is part of pkgsrc, who is taking care of
> such fixes?

It's already in latest pkgsrc.

> I did not find it mentioned on the NetBSD security web pages.

At least the latest pkg-vulnerabilities file (get via
pkgsrc/security/audit-packages) knows about the problem.

In general, we don't do advisories for random 3rd party software not
produced by the NetBSD Foundation. We make all possible efforts updating
the package as fast as we can, but we do leave it to the original software
authors to notify their users about new versions - which they can then
grab via pkgsrc.

 - Hubert

If wishes were wings,  o"   )~  would fly.            -- Go!