Subject: Re: snort vulnerability
To: Berndt Josef Wulf <>
From: Adrian Portelli <>
List: tech-pkg
Date: 01/09/2005 09:16:45
Hi Berndt,

Seeming as I'm the maintainer for this . . . :)

It hasn't been updated  because I tend to steer away from updating 
packages to "release candidates" as opposed to full releases.  As soon 
as 2.3.0 goes live it will be imported.

The vulnerability is pretty specific in what you have to be doing to be 
effected by it.  The snort homepage has an article on this if you are 
concerned about if you are effected or not.

Also, AFAIK the snort team has chosen not to backport the fix to the 
2.2.x branch which would have been an ideal interim solution for us.



Berndt Josef Wulf wrote:
> G'day,
> is there any reasons why net/snort hasn't been updated to snort-2.3.0RC2 
> consindering the vulnerability of the current version in pkgsrc?
> cheerio Berndt