Subject: Re: converters/xlreader vulnerability fix
To: Curt Sampson <cjs@cynic.net>
From: Adrian Portelli <adrianp@NetBSD.org>
List: tech-pkg
Date: 05/29/2005 00:44:47
Curt Sampson wrote:
> On Mon, 9 May 2005, Jeremy C. Reed wrote:
>
>> (I assume nb0 means no PKGREVISION was defined or was it really set to
>> zero?)
>
>
> It was not defined.
>
> cjs
Sorry for taking so long to respond; I missed this thread.
You can find the sample exploit here:
http://securesoftware.list.cr.yp.to/archive/0/10
I couldn't reproduce it on NetBSD with 0.90 and _without_ your patch.
adrian.