>> I am trying to test presence of CVE-2018-6922 [...] > NetBSD 5 is not supported anymore, and NetBSD 6 is about to reach > EOL. So there is no way this is ever going to be fixed in NetBSD 5.
That's a bit of an overstatement. Not fixed _by NetBSD_, perhaps, but there are at least a few people still using and, to some extent, maintaining EOLed NetBSD. I, for example, still run and evolve 5.2, among others. > There was a small conversation about the issue yesterday, in case > you're interested: [...] But NetBSD is vulnerable if the threat model includes malicious attacks, even if it is resistant against pathological behaviour provoked by random fragment loss. (For that matter, it's not clear from the reply whether the statement applies to all NetBSD or only recent NetBSD - though code inspection makes it appear it's true of 1.4T and 5.2 and presumably everything in between.) /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML mo...@rodents-montreal.org / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
