On Sun, Jan 09, 2005 at 01:42:01AM -0500, David H. Gutteridge wrote:
> Hello,
> 
> I thought I'd mention that the pkg-vulnerabilities file
> doesn't always list all the names that pkgsrc packages
> have existed under, and consequently misses providing
> some notifications.
> 
> I've found two examples in my own case.  Version 0.7 of
> Firebird (as it used to be called) went by the name
> MozillaFirebird in pkgsrc.  Some relevant advisories
> are missed because there's nothing under that name in
> the pkg-vulnerabilities file.
> 
> More recently, the same thing goes for Perl.  I have the
> package perl-thread-5.8.4nb1 installed on a machine, and 
> it doesn't get picked up by audit-packages because the
> string doesn't match against "perl-5.8.[0-4]*".

Hi Dave,

Thanks for these reports.  Could you direct them to the tech-pkg list?  In
general, NetBSD's security officer doesn't deal with package issues.

-- 
Bill Squier (groo@old-ones.com)                          http://www.netbsd.org

        I know I don't deserve another chance, but this _is_ America,
        and as an American, aren't I entitled to one?  --Sideshow Bob.