From owner-freebsd-security@FreeBSD.ORG Sun Aug 28 10:57:49 2005 Return-Path: X-Original-To: freebsd-security@FreeBSD.org Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A1C7016A41F; Sun, 28 Aug 2005 10:57:49 +0000 (GMT) (envelope-from bsam@bsam.ru) Received: from bsam.ru (gw.ipt.ru [80.253.10.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3D8E943D45; Sun, 28 Aug 2005 10:57:48 +0000 (GMT) (envelope-from bsam@bsam.ru) Received: from bsam by bsam.ru with local (Exim 4.30; FreeBSD) id 1E9Kpf-0002Dm-OJ; Sun, 28 Aug 2005 14:56:11 +0400 To: Ian Moore References: <200508281014.29868.imoore@swiftdsl.com.au> From: Boris Samorodov Date: Sun, 28 Aug 2005 14:56:11 +0400 In-Reply-To: <200508281014.29868.imoore@swiftdsl.com.au> (Ian Moore's message of "Sun, 28 Aug 2005 10:14:21 +0930") Message-ID: <87188868@srv.sem.ipt.ru> User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: "Boris B. Samorodov" Cc: freebsd-security@FreeBSD.org, trevor@freebsd.org, secteam@FreeBSD.org Subject: Re: Arcoread7 secutiry vulnerability X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Aug 2005 10:57:49 -0000 Hi! cc'd to freebsd-security@ as somebody there may correct me, cc'd to secteam@ as maintaner of security/portaudit. On Sun, 28 Aug 2005 10:14:21 +0930 Ian Moore wrote: > I've just updated my acroread port to 7.0.1 & was surprised when portaudit > still listed it as a vulnerability. I think it is portaudit problem. > According to http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/85093, the > upgrade to 7.0.1 is suppoed to fix the problem, but according to > http://www.freebsd.org/ports/portaudit/02bc9b7c-e019-11d9-a8bd-000cf18bbe54.html > and Adobe's web site at http://www.adobe.com/support/techdocs/331710.html, > the problem exists in 7.0.1 as well, but is fixed in 7.0.2. > I'm just wondering who is right here, or am I missing something? It looks like you missed the platfom to pay attention to. For Linux and Solaris "users should upgrade to Adobe Reader 7.0.1"... WBR -- bsam From owner-freebsd-security@FreeBSD.ORG Sun Aug 28 11:13:21 2005 Return-Path: X-Original-To: freebsd-security@FreeBSD.org Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B020516A41F; Sun, 28 Aug 2005 11:13:21 +0000 (GMT) (envelope-from simon@zaphod.nitro.dk) Received: from zaphod.nitro.dk (port324.ds1-khk.adsl.cybercity.dk [212.242.113.79]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1B2E943D49; Sun, 28 Aug 2005 11:13:20 +0000 (GMT) (envelope-from simon@zaphod.nitro.dk) Received: by zaphod.nitro.dk (Postfix, from userid 3000) id 1D5B211A5F; Sun, 28 Aug 2005 13:13:18 +0200 (CEST) Date: Sun, 28 Aug 2005 13:13:18 +0200 From: "Simon L. Nielsen" To: Boris Samorodov Message-ID: <20050828111317.GC854@zaphod.nitro.dk> References: <200508281014.29868.imoore@swiftdsl.com.au> <87188868@srv.sem.ipt.ru> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="L6iaP+gRLNZHKoI4" Content-Disposition: inline In-Reply-To: <87188868@srv.sem.ipt.ru> User-Agent: Mutt/1.5.9i Cc: Ian Moore , freebsd-security@FreeBSD.org, trevor@freebsd.org, secteam@FreeBSD.org Subject: Re: Arcoread7 secutiry vulnerability X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Aug 2005 11:13:21 -0000 --L6iaP+gRLNZHKoI4 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2005.08.28 14:56:11 +0400, Boris Samorodov wrote: > On Sun, 28 Aug 2005 10:14:21 +0930 Ian Moore wrote: >=20 > > I've just updated my acroread port to 7.0.1 & was surprised when portau= dit=20 > > still listed it as a vulnerability. It is, at least based on the information we (Security Team) have. > I think it is portaudit problem. >=20 > > According to http://www.freebsd.org/cgi/query-pr.cgi?pr=3Dports/85093,= the=20 > > upgrade to 7.0.1 is suppoed to fix the problem, but according to=20 > > http://www.freebsd.org/ports/portaudit/02bc9b7c-e019-11d9-a8bd-000cf18b= be54.html=20 > > and Adobe's web site at http://www.adobe.com/support/techdocs/331710.ht= ml,=20 > > the problem exists in 7.0.1 as well, but is fixed in 7.0.2. >=20 > > I'm just wondering who is right here, or am I missing something? >=20 > It looks like you missed the platfom to pay attention to. For Linux > and Solaris "users should upgrade to Adobe Reader 7.0.1"... You are mixing up two different vulnerabilities [1]. The vulnerability fixed by the 7.0.1 upgrade was "acroread -- plug-in buffer overflow vulnerability" [2]. The vulnerability portaudit is warning you about is "acroread -- XML External Entity vulnerability" [3]. As far as I know Adobe has not released any fix for the Linux version of Adobe Reader for [3]. [1] http://www.vuxml.org/freebsd/pkg-acroread7.html [2] http://www.vuxml.org/freebsd/f74dc01b-0e83-11da-bc08-0001020eed82.html [3] http://www.vuxml.org/freebsd/02bc9b7c-e019-11d9-a8bd-000cf18bbe54.html --=20 Simon L. Nielsen FreeBSD Security Team --L6iaP+gRLNZHKoI4 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFDEZxNh9pcDSc1mlERAn4yAKCRaEoeokOmpe4fRlwlO/26hV97qACfYpWR Rqcvyo56isWYhLvg3HSR1J4= =uGn5 -----END PGP SIGNATURE----- --L6iaP+gRLNZHKoI4-- From owner-freebsd-security@FreeBSD.ORG Sun Aug 28 11:27:00 2005 Return-Path: X-Original-To: freebsd-security@FreeBSD.org Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A972016A41F; Sun, 28 Aug 2005 11:27:00 +0000 (GMT) (envelope-from bsam@bsam.ru) Received: from bsam.ru (gw.ipt.ru [80.253.10.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id 310BD43D45; Sun, 28 Aug 2005 11:27:00 +0000 (GMT) (envelope-from bsam@bsam.ru) Received: from bsam by bsam.ru with local (Exim 4.30; FreeBSD) id 1E9LHx-0003SC-8O; Sun, 28 Aug 2005 15:25:25 +0400 To: "Simon L. Nielsen" References: <200508281014.29868.imoore@swiftdsl.com.au> <87188868@srv.sem.ipt.ru> <20050828111317.GC854@zaphod.nitro.dk> From: Boris Samorodov Date: Sun, 28 Aug 2005 15:25:25 +0400 In-Reply-To: <20050828111317.GC854@zaphod.nitro.dk> (Simon L. Nielsen's message of "Sun, 28 Aug 2005 13:13:18 +0200") Message-ID: <21107114@srv.sem.ipt.ru> User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: "Boris B. Samorodov" Cc: Ian Moore , freebsd-security@FreeBSD.org, trevor@freebsd.org, secteam@FreeBSD.org Subject: Re: Arcoread7 secutiry vulnerability X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Aug 2005 11:27:00 -0000 On Sun, 28 Aug 2005 13:13:18 +0200 Simon L. Nielsen wrote: > On 2005.08.28 14:56:11 +0400, Boris Samorodov wrote: > > On Sun, 28 Aug 2005 10:14:21 +0930 Ian Moore wrote: > > > > > I've just updated my acroread port to 7.0.1 & was surprised when portaudit > > > still listed it as a vulnerability. > It is, at least based on the information we (Security Team) have. > > I think it is portaudit problem. > > > > > According to http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/85093, the > > > upgrade to 7.0.1 is suppoed to fix the problem, but according to > > > http://www.freebsd.org/ports/portaudit/02bc9b7c-e019-11d9-a8bd-000cf18bbe54.html > > > and Adobe's web site at http://www.adobe.com/support/techdocs/331710.html, > > > the problem exists in 7.0.1 as well, but is fixed in 7.0.2. > > > > > I'm just wondering who is right here, or am I missing something? > > > > It looks like you missed the platfom to pay attention to. For Linux > > and Solaris "users should upgrade to Adobe Reader 7.0.1"... > You are mixing up two different vulnerabilities [1]. The vulnerability > fixed by the 7.0.1 upgrade was "acroread -- plug-in buffer overflow > vulnerability" [2]. The vulnerability portaudit is warning you about > is "acroread -- XML External Entity vulnerability" [3]. As far as I > know Adobe has not released any fix for the Linux version of Adobe > Reader for [3]. > [1] http://www.vuxml.org/freebsd/pkg-acroread7.html > [2] http://www.vuxml.org/freebsd/f74dc01b-0e83-11da-bc08-0001020eed82.html > [3] http://www.vuxml.org/freebsd/02bc9b7c-e019-11d9-a8bd-000cf18bbe54.html Well, I think that Linux version is not suffered from CAN-2005-1306: http://www.adobe.com/support/techdocs/331710.html Platforms affected are Windows and Mac OS. Am I missing something? WBR -- bsam From owner-freebsd-security@FreeBSD.ORG Sun Aug 28 11:43:28 2005 Return-Path: X-Original-To: freebsd-security@FreeBSD.org Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9A82216A41F; Sun, 28 Aug 2005 11:43:28 +0000 (GMT) (envelope-from simon@zaphod.nitro.dk) Received: from zaphod.nitro.dk (port324.ds1-khk.adsl.cybercity.dk [212.242.113.79]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2105643D46; Sun, 28 Aug 2005 11:43:28 +0000 (GMT) (envelope-from simon@zaphod.nitro.dk) Received: by zaphod.nitro.dk (Postfix, from userid 3000) id D21C211A5F; Sun, 28 Aug 2005 13:43:26 +0200 (CEST) Date: Sun, 28 Aug 2005 13:43:26 +0200 From: "Simon L. Nielsen" To: Boris Samorodov Message-ID: <20050828114326.GE854@zaphod.nitro.dk> References: <200508281014.29868.imoore@swiftdsl.com.au> <87188868@srv.sem.ipt.ru> <20050828111317.GC854@zaphod.nitro.dk> <21107114@srv.sem.ipt.ru> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="ZInfyf7laFu/Kiw7" Content-Disposition: inline In-Reply-To: <21107114@srv.sem.ipt.ru> User-Agent: Mutt/1.5.9i Cc: Ian Moore , freebsd-security@FreeBSD.org, trevor@freebsd.org, secteam@FreeBSD.org Subject: Re: Arcoread7 secutiry vulnerability X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Aug 2005 11:43:28 -0000 --ZInfyf7laFu/Kiw7 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2005.08.28 15:25:25 +0400, Boris Samorodov wrote: > On Sun, 28 Aug 2005 13:13:18 +0200 Simon L. Nielsen wrote: > > > You are mixing up two different vulnerabilities [1]. The vulnerability > > fixed by the 7.0.1 upgrade was "acroread -- plug-in buffer overflow > > vulnerability" [2]. The vulnerability portaudit is warning you about > > is "acroread -- XML External Entity vulnerability" [3]. As far as I > > know Adobe has not released any fix for the Linux version of Adobe > > Reader for [3]. >=20 > > [1] http://www.vuxml.org/freebsd/pkg-acroread7.html > > [2] http://www.vuxml.org/freebsd/f74dc01b-0e83-11da-bc08-0001020eed82.h= tml > > [3] http://www.vuxml.org/freebsd/02bc9b7c-e019-11d9-a8bd-000cf18bbe54.h= tml >=20 > Well, I think that Linux version is not suffered from CAN-2005-1306: > http://www.adobe.com/support/techdocs/331710.html >=20 > Platforms affected are Windows and Mac OS. Am I missing something? Adobe does not list the Linux version as affected, but the original reporter of the problem does list the Linux version as affected, at http://shh.thathost.com/secadv/adobexxe/ . In these cases we prefer err on the side of caution and will rather list a package as affected, even if it's not, rather than not listing a package that turn out to be affected. I have just written a mail to the original reporter of the problem to try to clarify the issue. --=20 Simon L. Nielsen FreeBSD Security Team --ZInfyf7laFu/Kiw7 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFDEaNeh9pcDSc1mlERAszVAKCPh5JmphoXHtrsmMix7F7kZ/nARQCgmqKS fJmb0ksDMqLLiGF+ExsYj84= =eVdN -----END PGP SIGNATURE----- --ZInfyf7laFu/Kiw7-- From owner-freebsd-security@FreeBSD.ORG Sun Aug 28 21:02:24 2005 Return-Path: X-Original-To: freebsd-security@FreeBSD.org Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0163916A41F; Sun, 28 Aug 2005 21:02:24 +0000 (GMT) (envelope-from simon@zaphod.nitro.dk) Received: from zaphod.nitro.dk (port324.ds1-khk.adsl.cybercity.dk [212.242.113.79]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7836643D48; Sun, 28 Aug 2005 21:02:23 +0000 (GMT) (envelope-from simon@zaphod.nitro.dk) Received: by zaphod.nitro.dk (Postfix, from userid 3000) id D53F111A5F; Sun, 28 Aug 2005 23:02:21 +0200 (CEST) Date: Sun, 28 Aug 2005 23:02:21 +0200 From: "Simon L. Nielsen" To: Boris Samorodov Message-ID: <20050828210221.GB857@zaphod.nitro.dk> References: <200508281014.29868.imoore@swiftdsl.com.au> <87188868@srv.sem.ipt.ru> <20050828111317.GC854@zaphod.nitro.dk> <21107114@srv.sem.ipt.ru> <20050828114326.GE854@zaphod.nitro.dk> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="R3G7APHDIzY6R/pk" Content-Disposition: inline In-Reply-To: <20050828114326.GE854@zaphod.nitro.dk> User-Agent: Mutt/1.5.9i Cc: Ian Moore , freebsd-security@FreeBSD.org, trevor@freebsd.org, secteam@FreeBSD.org Subject: Re: Arcoread7 secutiry vulnerability X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Aug 2005 21:02:24 -0000 --R3G7APHDIzY6R/pk Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2005.08.28 13:43:26 +0200, Simon L. Nielsen wrote: > On 2005.08.28 15:25:25 +0400, Boris Samorodov wrote: > > On Sun, 28 Aug 2005 13:13:18 +0200 Simon L. Nielsen wrote: > > > > > You are mixing up two different vulnerabilities [1]. The vulnerability > > > fixed by the 7.0.1 upgrade was "acroread -- plug-in buffer overflow > > > vulnerability" [2]. The vulnerability portaudit is warning you about > > > is "acroread -- XML External Entity vulnerability" [3]. As far as I > > > know Adobe has not released any fix for the Linux version of Adobe > > > Reader for [3]. > >=20 > > > [1] http://www.vuxml.org/freebsd/pkg-acroread7.html > > > [2] http://www.vuxml.org/freebsd/f74dc01b-0e83-11da-bc08-0001020eed82= =2Ehtml > > > [3] http://www.vuxml.org/freebsd/02bc9b7c-e019-11d9-a8bd-000cf18bbe54= =2Ehtml > >=20 > > Well, I think that Linux version is not suffered from CAN-2005-1306: > > http://www.adobe.com/support/techdocs/331710.html > >=20 > > Platforms affected are Windows and Mac OS. Am I missing something? >=20 > Adobe does not list the Linux version as affected, but the original > reporter of the problem does list the Linux version as affected, at > http://shh.thathost.com/secadv/adobexxe/ . In these cases we prefer > err on the side of caution and will rather list a package as affected, > even if it's not, rather than not listing a package that turn out to > be affected. >=20 > I have just written a mail to the original reporter of the problem to > try to clarify the issue. I just got a mail back from Sverre H. Huseby and he says that the Linux version indeed was affected, but 7.0.1 seems to be fixed, so I marked it as fixed in VuXML. --=20 Simon L. Nielsen FreeBSD Security Team --R3G7APHDIzY6R/pk Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFDEiZdh9pcDSc1mlERAnNxAJ9oluhQsLxHQRYbd+ZlzGx9c5DlRQCdELec SaxkNYu0lnni8Nb00j0j55c= =dhbW -----END PGP SIGNATURE----- --R3G7APHDIzY6R/pk-- From owner-freebsd-security@FreeBSD.ORG Mon Aug 29 10:53:17 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 910CF16A422 for ; Mon, 29 Aug 2005 10:53:17 +0000 (GMT) (envelope-from imoore@swiftdsl.com.au) Received: from smtp.ade.swiftdsl.com.au (smtp.ade.swiftdsl.com.au [218.214.228.98]) by mx1.FreeBSD.org (Postfix) with SMTP id E0FD043D48 for ; Mon, 29 Aug 2005 10:53:15 +0000 (GMT) (envelope-from imoore@swiftdsl.com.au) Received: (qmail 15594 invoked from network); 29 Aug 2005 10:53:17 -0000 Received: from unknown (HELO daemon.foo.lan) (218.214.176.70) by smtp.ade.swiftdsl.com.au with SMTP; 29 Aug 2005 10:53:17 -0000 From: Ian Moore To: "Simon L. Nielsen" Date: Mon, 29 Aug 2005 20:23:01 +0930 User-Agent: KMail/1.8.2 References: <200508281014.29868.imoore@swiftdsl.com.au> <20050828114326.GE854@zaphod.nitro.dk> <20050828210221.GB857@zaphod.nitro.dk> In-Reply-To: <20050828210221.GB857@zaphod.nitro.dk> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart5599462.cnBkoGYVLK"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200508292023.11924.imoore@swiftdsl.com.au> X-Mailman-Approved-At: Mon, 29 Aug 2005 12:07:21 +0000 Cc: Boris Samorodov , freebsd-security@freebsd.org, trevor@freebsd.org, secteam@freebsd.org Subject: Re: Arcoread7 secutiry vulnerability X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Aug 2005 10:53:17 -0000 --nextPart5599462.cnBkoGYVLK Content-Type: text/plain; charset="cp 850" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Monday 29 August 2005 06:32, Simon L. Nielsen wrote: > On 2005.08.28 13:43:26 +0200, Simon L. Nielsen wrote: > > On 2005.08.28 15:25:25 +0400, Boris Samorodov wrote: > > > On Sun, 28 Aug 2005 13:13:18 +0200 Simon L. Nielsen wrote: > > > > You are mixing up two different vulnerabilities [1]. The > > > > vulnerability fixed by the 7.0.1 upgrade was "acroread -- plug-in > > > > buffer overflow vulnerability" [2]. The vulnerability portaudit is > > > > warning you about is "acroread -- XML External Entity vulnerability" > > > > [3]. As far as I know Adobe has not released any fix for the Linux > > > > version of Adobe Reader for [3]. > > > > > > > > [1] http://www.vuxml.org/freebsd/pkg-acroread7.html > > > > [2] > > > > http://www.vuxml.org/freebsd/f74dc01b-0e83-11da-bc08-0001020eed82.h= tm > > > >l [3] > > > > http://www.vuxml.org/freebsd/02bc9b7c-e019-11d9-a8bd-000cf18bbe54.h= tm > > > >l > > > > > > Well, I think that Linux version is not suffered from CAN-2005-1306: > > > http://www.adobe.com/support/techdocs/331710.html > > > > > > Platforms affected are Windows and Mac OS. Am I missing something? > > > > Adobe does not list the Linux version as affected, but the original > > reporter of the problem does list the Linux version as affected, at > > http://shh.thathost.com/secadv/adobexxe/ . In these cases we prefer > > err on the side of caution and will rather list a package as affected, > > even if it's not, rather than not listing a package that turn out to > > be affected. > > > > I have just written a mail to the original reporter of the problem to > > try to clarify the issue. > > I just got a mail back from Sverre H. Huseby and he says that the > Linux version indeed was affected, but 7.0.1 seems to be fixed, so I > marked it as fixed in VuXML. Thanks for clearing that up! Cheers, =2D-=20 Ian Moore GPG Key: http://home.swiftdsl.com.au/~imoore/imoore-swift.asc --nextPart5599462.cnBkoGYVLK Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQBDEukXqgbxoapAJlsRAsabAKC75Opv2b8BHIy9iFA0MHClyamXJQCfY3Ud uupCjQUeWmXMJYezhlcZ7wM= =8lK9 -----END PGP SIGNATURE----- --nextPart5599462.cnBkoGYVLK-- From owner-freebsd-security@FreeBSD.ORG Wed Aug 31 18:00:43 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C1D0F16A41F; Wed, 31 Aug 2005 18:00:43 +0000 (GMT) (envelope-from Cy.Schubert@komquats.com) Received: from komquats.com (S0106002078125c0c.gv.shawcable.net [24.108.150.239]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4DAD443D45; Wed, 31 Aug 2005 18:00:43 +0000 (GMT) (envelope-from Cy.Schubert@komquats.com) Received: from cwsys.cwsent.com (cwsys [10.1.1.1]) by komquats.com (Postfix) with ESMTP id 2BEC24C5C5; Wed, 31 Aug 2005 11:00:40 -0700 (PDT) Received: from cwsys (localhost [127.0.0.1]) by cwsys.cwsent.com (8.13.3/8.13.3) with ESMTP id j7VI0dm6043242; Wed, 31 Aug 2005 11:00:39 -0700 (PDT) (envelope-from Cy.Schubert@komquats.com) Message-Id: <200508311800.j7VI0dm6043242@cwsys.cwsent.com> X-Mailer: exmh version 2.7.2 01/07/2005 with nmh-1.0.4 From: Cy Schubert X-os: FreeBSD X-Sender: cy@cwsent.com X-URL: http://www.komquats.com/ To: Jacques Vidrine In-Reply-To: Message from Jacques Vidrine of "Thu, 18 Aug 2005 07:58:34 CDT." Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Date: Wed, 31 Aug 2005 11:00:39 -0700 Sender: Cy.Schubert@komquats.com Cc: freebsd-security@freebsd.org Subject: Re: New FreeBSD Security Officer X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Cy Schubert List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 31 Aug 2005 18:00:43 -0000 In message , Jacques = Vidrine writes: > Hello Everyone=21 >=20 > It has been my pleasure and privilege to serve as the FreeBSD =20 > Security Officer for the past 3+ years. With the crucial support of =20 =5B...=5D > Thanks for everyone's support over the years, and please extend the =20 > same and more for Colin=21 Cheers, > --=20 > Jacques Vidrine Jacques, I'd like to express my appreciation for all the work you have done as the= =20 FreeBSD Security Officer. Thank you. Cheers, Cy Schubert Web: http://www.komquats.com and http://www.bcbodybuilder.com FreeBSD UNIX: Web: http://www.FreeBSD.org BC Government: =22Lift long enough and I believe arrogance is replaced by humility and fear by courage and selfishness by generosity and rudeness by compassion and caring.=22 -- Dave Draper