Subject: GLSA: groff (fwd)
To: None <tech-security@netbsd.org>
From: Ed Ravin <eravin@panix.com>
List: tech-security
Date: 10/21/2002 18:21:44

NetBSD 1.6 is using groff 1.16.1, and 1.5.3+ has groff 1.10.
Is this on anyone's radar?

> --------------------------------------------------------------------
> GENTOO LINUX SECURITY ANNOUNCEMENT 200210-005
> --------------------------------------------------------------------
>
> PACKAGE: groff
> SUMMARY: buffer overflow
> DATE : 2002-10-19 19:30 UTC
>
> --------------------------------------------------------------------
>
> The groff preprocessor contains an exploitable buffer overflow. If
> groff can be invoked within the LPRng printing system, an attacker
> can gain rights as the "lp" user.
>
> Remote exploitation may be possible if lpd is running and is accessible
> remotely, and the attacker knows the name of the printer and spoolfile.
>
> SOLUTION
>
> It is recommended that all Gentoo Linux users who are running
> sys-apps/groff-1.17.2-r2 and earlier update their systems