tech-pkg: Re: pkgsrc/mail/qpopper vulnerability

Subject: Re: pkgsrc/mail/qpopper vulnerability
To: None <mishka@terabyte.com.ua>
From: Takahiro Kambe <taca@back-street.net>
List: tech-pkg
Date: 09/17/2003 01:12:43

In message <20030916185401.5705f694.mishka@terabyte.com.ua>
	on Tue, 16 Sep 2003 18:54:01 +0300,
	"Mike M. Volokhov" <mishka@terabyte.com.ua> wrote:
> Greetings!
Hi.

> I've found the following security issue about QPopper 4.0.5
> (pkgsrc/mail/qpopper); it covers popassd utility:
> 
> 	http://www.securityfocus.com/bid/7447
> 
> However, it is not in pkg-vulnerabilities list.
This problem is fixed with poppassd package 4.0.5nb1 and
pkg-vulnerabilities contains a line as below.

poppassd<4.0.5nb1       local-root-shell        http://www.securityfocus.com/archive/1/319811/2003-04-26/2003-05-02/0

NetBSD's qpopper package dosen't contain poppassd program.

Cheers.

-- 
Takahiro Kambe <taca@back-street.net>