Subject: imap-uw vulnerability
To: None <tech-pkg@netbsd.org>
From: Chris Ross <cross+netbsd@distal.com>
List: tech-pkg
Date: 02/08/2005 08:42:54
I sent email a month or two ago about the outdated mail/imap-uw
distribution
in pkgsrc-2004Q4. I see that it has been updated in pkgsrc HEAD.
In addition to requesting the pullup, there is a vulnerability not
mentioned
in the audit information run nightly on my system. More information can
be found:
http://www.washington.edu/pine/pine-info/2005.01/msg00191.html
http://www.kb.cert.org/vuls/id/702777
Has this already been patched in 2004Q4? I see that the package
name/tag has changed to imap-uw-2004anb2, so perhaps it has already
been patched. If so, the only complaint I have is that the auditing
scripts/data-files don't know about the vulnerability in what I have
installed (imap-uw-2004).
Thanks.
- Chris