Subject: Re: RSAREF2 buffer overflow?
To: Aaron J. Grier <agrier@poofy.goof.com>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: tech-crypto
Date: 12/14/1999 16:18:50
> apologies if this is the wrong list, but tech-security looks like it's
> been dead for almost six months...
> 
> I know this doesn't apply to those outside the US [1], but the
> NetBSD-specific section in the recent CERT advisory regarding buffer
> overflows in RSAREF2 says basically "we advise recompiling things to not
> use RSAREF2."  What about those of us who (for legal or other reasons)
> don't have the option?

This looks like the result of a left hand vs. right hand disconnect.
Patches for this problem were checked into pkgsrc on December 2nd.

> should I send-pr this?

No, it's already fixed..  too bad it's too late to fix the advisory.

					- Bill