Subject: Varied pkgsrc package names not always reflected in pkg-vulnerabilities file
To: , <tech-security@NetBSD.org>
From: David H.Gutteridge <dhgutteridge@sympatico.ca>
List: tech-security
Date: 01/09/2005 01:42:01

Hello,

I thought I'd mention that the pkg-vulnerabilities file
doesn't always list all the names that pkgsrc packages
have existed under, and consequently misses providing
some notifications.

I've found two examples in my own case.  Version 0.7 of
Firebird (as it used to be called) went by the name
MozillaFirebird in pkgsrc.  Some relevant advisories
are missed because there's nothing under that name in
the pkg-vulnerabilities file.

More recently, the same thing goes for Perl.  I have the
package perl-thread-5.8.4nb1 installed on a machine, and 
it doesn't get picked up by audit-packages because the
string doesn't match against "perl-5.8.[0-4]*".

Dave
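
The mismatch described in the message can be reproduced with a plain glob match. The following is an added example, not part of the original message or of audit-packages: it uses Python's `fnmatch` as a stand-in for the glob matching, and the `ALIASES` table, the helper names and the installed-package list are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Pattern quoted in the message; a real pkg-vulnerabilities file has many more.
VULN_PATTERNS = ["perl-5.8.[0-4]*"]

# Constructed installed-package list; the first two names come from the message.
INSTALLED = ["perl-thread-5.8.4nb1", "MozillaFirebird-0.7", "perl-5.8.6"]

# Hypothetical alias table (assumption): alternate pkgsrc name -> name used in
# the vulnerability patterns. Nothing like this is described in the message.
ALIASES = {"perl-thread": "perl"}


def split_pkg(pkg):
    """Split 'base-version' at the last hyphen, as pkgsrc names are formed."""
    base, _, version = pkg.rpartition("-")
    return base, version


def direct_hits(installed, patterns):
    """Plain glob match of the full package string against each pattern."""
    return [(p, pat) for p in installed for pat in patterns if fnmatchcase(p, pat)]


def missed_by_name(installed, patterns, aliases):
    """Packages that match a pattern only after their base name is mapped
    to the aliased name, i.e. notifications lost to a name variant."""
    direct = {p for p, _ in direct_hits(installed, patterns)}
    missed = []
    for pkg in installed:
        base, version = split_pkg(pkg)
        if pkg in direct or base not in aliases:
            continue
        canonical = f"{aliases[base]}-{version}"
        missed += [(pkg, pat) for pat in patterns if fnmatchcase(canonical, pat)]
    return missed


if __name__ == "__main__":
    print("direct:", direct_hits(INSTALLED, VULN_PATTERNS))
    for pkg, pat in missed_by_name(INSTALLED, VULN_PATTERNS, ALIASES):
        print(f"{pkg}: vulnerable under aliased name, pattern {pat}")
```

MozillaFirebird-0.7 is reported by neither function here, because the sample data has no pattern and no alias entry for that name.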