Subject: Re: snort vulnerability
To: Berndt Josef Wulf <email@example.com>
From: Adrian Portelli <adrianp@NetBSD.org>
Date: 01/09/2005 09:16:45
Seeming as I'm the maintainer for this . . . :)
It hasn't been updated because I tend to steer away from updating
packages to "release candidates" as opposed to full releases. As soon
as 2.3.0 goes live it will be imported.
The vulnerability is pretty specific in what you have to be doing to be
effected by it. The snort homepage has an article on this if you are
concerned about if you are effected or not.
Also, AFAIK the snort team has chosen not to backport the fix to the
2.2.x branch which would have been an ideal interim solution for us.
Berndt Josef Wulf wrote:
> is there any reasons why net/snort hasn't been updated to snort-2.3.0RC2
> consindering the vulnerability of the current version in pkgsrc?
> cheerio Berndt