Steven M. Bellovin wrote:
...
>>> 		--Steve Bellovin, http://www.cs.columbia.edu/~smb
>> Just as a matter of interest if you install the package and then run
>> audit-packages does it pick it up as being vulnerable ?
>>
> 
> Yes...
> 
> 		--Steve Bellovin, http://www.cs.columbia.edu/~smb

Hi Steven,

Just one additional bit of information . . .

Do you have PKGVULNDIR set anywhere (mk.conf, audit-packages.conf,
environment) or have you played with it of late ?

thanks,

adrian.