pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

package with security hole not flagged at build time

To: pkgsrc-users%netbsd.org@localhost
Subject: package with security hole not flagged at build time
From: "Steven M. Bellovin" <smb%cs.columbia.edu@localhost>
Date: Tue, 9 Jan 2007 10:38:34 -0500

According to audit-packages, fetchmail-6.2.5.5nb1 has a security hole.
When I go to its directory and do a 'make', it builds it without
noticing the problem.  My pkgsrc is up-to-date (HEAD), as is my
audit-packages and the vulnerabilities file it uses.  (This is on
-current from about two weeks ago.)

                --Steve Bellovin, http://www.cs.columbia.edu/~smb

Follow-Ups:
- Re: package with security hole not flagged at build time
  - From: Geert Hendrickx

Prev by Date: gdal-lib -lcompat
Next by Date: Re: package with security hole not flagged at build time
Previous by Thread: gdal-lib -lcompat
Next by Thread: Re: package with security hole not flagged at build time
Indexes:

Home | Main Index | Thread Index | Old Index