I think that an advisories page at tcpdump.org would be great. Current and future security problems could have a list of vulnerable versions, such as:
ISAKMP decoder buffer overflow: 3.7 branch < 3.7.2, 3.8 branch < 3.8.2, branches earlier than 3.7 This kind of information is necessary to supplement the changelogs, which for 3.8.1 are currently a list of changes before 3.8. I wasn't sure which versions were vulnerable until I read the email I'm replying to. Listing older (but recent) problems such as the BGP decoder bug from late 2002 would be useful too. - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]
