Subject: Re: Security Issues
To: None <itojun@iijlab.net>
From: Steven M. Bellovin <smb@research.att.com>
List: current-users
Date: 08/01/2002 08:02:57
In message <20020801081449.30DB54B22@coconut.itojun.org>, itojun@iijlab.net writes:
>>Over the last few days I've seen three security advisories from FreeBSD
>>(problems with OpenSSL, pppd and rpc) but none from NetBSD. Is NetBSD
>>unaffected by these three bugs?
>
>	yes for all, and advisories are under preparation.
>
It would be a good idea, I think, to try to get out very early warning 
notices in such cases.  The NetBSD community should know of possible 
vulnerabilities that appear to apply, even before fixes are ready.  
That way, people can turn off services, block ports, etc., as 
necessary.  (As an example -- I just saw a pointer to
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=394609+0+current/freebsd-security
(though I know nothing more about it).  From a quick 'find' on my 
system, updated yesterday to 1-6beta6, I don't *think* NetBSD is 
currently affected -- but I needed to know about that in order to do 
the scan.)

A more complete advisory, when the fix is ready (or found not to be 
needed) is still necessary, of course.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)