tech-security: Re: What to do about unfixed vulnerabilities?

Subject: Re: What to do about unfixed vulnerabilities?
To: Paul Hoffman <phoffman@proper.com>
From: Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>
List: tech-security
Date: 10/23/2000 18:19:34

  by mail.netbsd.org with SMTP; 23 Oct 2000 16:16:51 -0000
	by rfhs8012.fh-regensburg.de (8.10.1/8.10.1) with ESMTP id e9NGFvG02858;
	Mon, 23 Oct 2000 18:15:57 +0200 (MET DST)
Date: Mon, 23 Oct 2000 18:19:34 +0200 (MET DST)
From: Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>
To: Paul Hoffman <phoffman@proper.com>
cc: tech-pkg@netbsd.org, tech-security@netbsd.org
Subject: Re: What to do about unfixed vulnerabilities?
In-Reply-To: <p0501047cb61a1312ed65@[165.227.249.17]>
Message-ID: <Pine.GSO.4.21.0010231818540.2541-100000@rfhpc8320.fh-regensburg.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Mon, 23 Oct 2000, Paul Hoffman wrote:
>      Package pine-4.21 has a denial-of-service vulnerability,
>      see http://www.securityfocus.com/advisories/2646
> 
> Yes, but pine-4.21 is the current version of pine.

IIRC the problem is fixed in pine-4.21nb1.


 - Hubert

-- 
Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>