Subject: Re: vulnerability list change
To: None <itojun@iijlab.net>
From: Steven M. Bellovin <smb@research.att.com>
List: tech-security
Date: 06/28/2002 22:40:32
In message <20020629011235.A94F14B25@coconut.itojun.org>, itojun@iijlab.net wri
tes:
>>> >From download-vulnerability-list:
>>> New vulnerability list (15224 bytes) is smaller than existing list (15232
>>> bytes)
>>> 
>>> Was something removed intentionally, or is this bad?
>>
>>The bind-9.2.1 vulnerability line was removed, since bind-9.2.1 is not
>>vulnerable IIUC. Normally, the file size should be increased anyway,
>>but this seems to have been overlooked this time.
>
>	maybe i should have commented out the line instead?  sorry for
>	confusion.

Yes, absolutely -- download-vulnerability-list won't overwrite a list 
with a shorter one.  I had to remove my old one manually.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)