On Wed, 2004-01-21 at 16:49, William Stockall wrote: > It might actually be useful here to get some indication that, although > the package (never mind the version) is installed, we are not vulnerable > for whatever reason. This is probably preferable to wondering if, > perhaps, nobody noticed this particular package for this distribution. > > maybe that sort of action should be reserved for serious vulnerabilities. a vcf file import overflow in kdepim does not strike me as 'serious' if openssh is exploited by the opensshd in 7.3 isn't vulnerable, then sure - let people know about it. -sv
