Subject: Pkg sources that have exploits and I'd like updated
To: None <tech-pkg@netbsd.org>
From: Ryan La Riviere <larz@cbis.ece.drexel.edu>
List: tech-pkg
Date: 03/04/2003 11:28:48

I have several packages that I run on my server that I'd like to be able to
update to the latest versions but the source is not current (and I'm not
adept at updating the packages to make them current).  Additionally, the
packages' sources are versions that have exploits.

The following is the output from `audit-packages`:

Package libmcrypt-2.4.22 has a remote-user-shell vulnerability, see
http://online.securityfocus.com/archive/1/305162/2003-01-01/2003-01-07/0
Package openssl-0.9.6g has a weak-encryption vulnerability, see
http://www.openssl.org/news/secadv_20030219.txt
Package php-4.1.2 has a remote-code-execution vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1396
Package sendmail-8.12.6nb1 has a remote-code-execution vulnerability, see
http://www.cert.org/advisories/CA-2003-07.html

Thank you.

-Ryan

-- 
Mr. Ryan La Riviere
Project Manager; Mechanical Engineering and Mechanics
College of Engineering; Drexel University
Philadelphia, PA 19104

hp: http://staff.tdec.drexel.edu/~edljedi
IM (AIM, Yahoo, MSN): edljedi
w: 215.895.6460
Finger for Geek Code: finger -l larz@cbis.ece.drexel.edu

Linux is obsolete -Andrew Tanenbaum