>Number:         12246
>Category:       pkg
>Synopsis:       xemacs package contains security problem & should be updated
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Feb 19 12:31:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     antti autio
>Release:        netbsd 1.5
>Organization:
private
>Environment:
NetBSD sushi 1.5 NetBSD 1.5 (SUSHI) #3: Fri Feb 16 17:35:44 EET 2001     
aa@sushi:/usr/src/sys/arch/i386/compile/SUSHI i386

>Description:
all xemacs-21.1 versions before 21.1.14 contain a remote vulnerability
in gnuserv. the current netbsd pkg is version 21.1.12 & therefore
vulnerable as well if i have understood correctly. 
>How-To-Repeat:
see http://list-archive.xemacs.org/xemacs-announce/200102/msg00000.html
>Fix:
upgrade xemacs package to 21.1.14. should be pretty easy as releases
in the stable (21.1) branch are bugfix only.
>Release-Note:
>Audit-Trail:
>Unformatted: