Subject: Re: converters/xlreader vulnerability fix
To: Curt Sampson <>
From: Adrian Portelli <>
List: tech-pkg
Date: 05/29/2005 00:44:47
Curt Sampson wrote:

> On Mon, 9 May 2005, Jeremy C. Reed wrote:
>> (I assume nb0 means no PKGREVISION was defined or was it really set to
>> zero?)
> It was not defined.
> cjs

Sorry for taking so long to respond I missed this thread.

You can find the sample exploit here:

I couldn't reproduce it on NetBSD with 0.90 and _without_ your patch.