pkgsrc-users: package with security hole not flagged at build time

Subject: package with security hole not flagged at build time
To: None <pkgsrc-users@netbsd.org>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: pkgsrc-users
Date: 01/09/2007 10:38:34

According to audit-packages, fetchmail-6.2.5.5nb1 has a security hole.
When I go to its directory and do a 'make', it builds it without
noticing the problem.  My pkgsrc is up-to-date (HEAD), as is my
audit-packages and the vulnerabilities file it uses.  (This is on
-current from about two weeks ago.)

		--Steve Bellovin, http://www.cs.columbia.edu/~smb