On Mon, Oct 21, 2002 at 04:57:52PM -0700, Jeremy C. Reed wrote: > On Mon, 21 Oct 2002, Joel Baker wrote: > > > Most of them are in userland which is already provided by Debian in other > > packages, and as such, I do not build them from NetBSD sources. > > Hopefully, the Debian sources are updated. > > A quick look at http://www.debian.org/security/2002/ does not indicate > sendmail/smrsh or groff/pic. (It also doesn't mention ntalkd, but I > believe NetBSD's ntalk is different than Debian's netkit-ntalk.)
On that, I could not comment, I'm afraid - but the Security Team generally does keep an eye on Bugtraq, as far as I know, and other similar lists, and try to check anything new that comes out and applies. Keep in mind that Debian often either has never run the problem version (the maintainer never packaged it, it's too new and only appeared in sid and wasn't a major hole - note that the PAM problem for sid was a *very* unusual situation, usually things in sid aren't announced) - and sometimes, Debian has patches that make the problem code irrelevant (though this seems to be rarer). If in doubt, of course, one can always ask the maintainer... -- *************************************************************************** Joel Baker System Administrator - lightbearer.com [EMAIL PROTECTED] http://users.lightbearer.com/lucifer/
pgp9qGF9IibBZ.pgp
Description: PGP signature
