Message-ID: <aCiK2-Yz1dg4e4WR@netmeister.org>
Date: Sat, 17 May 2025 09:10:51 -0400
From: Jan Schaumann <jschauma@...meister.org>
To: oss-security@...ts.openwall.com
Subject: Re: describing affected systems (was: screen:
 Multiple Security Issues in Screen (mostly affecting release 5.0.0 and
 setuid-root installations))

Jacob Bachmeyer <jcb62281@...il.com> wrote:

> Would "systems using pkgsrc-2025Q1, notably including NetBSD 9.x and NetBSD
> 10.1" have been a fair way of describing that set?

I think that's a lot better, although I would probably
have phrased it as:

Systems using screen(1) built from pkgsrc, including
binary packages installed on NetBSD using e.g.,
pkg_add(1) or pkgin(1) before screen-5.0.0nb3 are
affected.


The details can get confusing, because you can use
pkgsrc from sources from -current or a quarterly
tagged branch across a range of operating systems, but
can also install binary packages using at least two
different tools, so ultimately neither the date nor
the OS themselves matter as much as the package
version number.  (The "nb3" here signals that this is
the 3rd pkgsrc-specific version bump of the 5.0.0
upstream version.)

But no need to further argue over the precise
language. :-)

-Jan
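
Added example, not part of the original message and not pkgsrc's own code: a simplified check of package names against the screen-5.0.0nb3 threshold given above, treating the "nbN" suffix as a revision compared after the upstream version. It assumes purely numeric dotted upstream versions; the function names and the sample package list are constructed for illustration.

```python
import re

# Simplified on purpose: only numeric dotted upstream versions with an
# optional "nbN" suffix are accepted. pkgsrc's real version matching also
# understands alpha/beta/rc/pl markers and letter suffixes.
_PKG_RE = re.compile(r"^(?P<name>.+)-(?P<ver>\d+(?:\.\d+)*)(?:nb(?P<nb>\d+))?$")

FIXED = "screen-5.0.0nb3"  # threshold taken from the message above


def parse_pkgname(pkgname):
    """Split 'screen-5.0.0nb3' into ('screen', (5, 0, 0), 3)."""
    m = _PKG_RE.match(pkgname)
    if m is None:
        raise ValueError("unsupported package name: %r" % pkgname)
    upstream = tuple(int(part) for part in m.group("ver").split("."))
    # A missing suffix is treated as revision 0.
    return m.group("name"), upstream, int(m.group("nb") or 0)


def _sort_key(upstream, nb, width):
    # Pad the shorter upstream version with zeros so 5.0 and 5.0.0 compare
    # equal, then let the pkgsrc revision break ties.
    return upstream + (0,) * (width - len(upstream)), nb


def is_before_fixed(pkgname, fixed=FIXED):
    """True if pkgname sorts strictly before the fixed package version."""
    name, ver, nb = parse_pkgname(pkgname)
    fixed_name, fixed_ver, fixed_nb = parse_pkgname(fixed)
    if name != fixed_name:
        raise ValueError("%r is not a %s package" % (pkgname, fixed_name))
    width = max(len(ver), len(fixed_ver))
    return _sort_key(ver, nb, width) < _sort_key(fixed_ver, fixed_nb, width)


def packages_before_fixed(installed, fixed=FIXED):
    """Filter a list of package names down to those before the fix."""
    prefix = parse_pkgname(fixed)[0] + "-"
    return [p for p in installed if p.startswith(prefix) and is_before_fixed(p, fixed)]


if __name__ == "__main__":
    # Constructed inventory, e.g. collected from several hosts.
    sample = ["screen-5.0.0", "screen-5.0.0nb2", "screen-5.0.0nb3", "tmux-3.5nb1"]
    print(packages_before_fixed(sample))
```

The OS release and the pkgsrc branch do not appear anywhere in the comparison, which is the point made in the message: only the package version string decides the result.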
