From nobody Tue Dec 5 22:15:27 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SlFGR6lm6z53WfW for ; Tue, 5 Dec 2023 22:15:27 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4SlFGR6FMSz4bk1; Tue, 5 Dec 2023 22:15:27 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1701814527; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=QdFn04QaMFZNyH0Y8HhHV2atxf6Ylu2aTgG0F2nnsBs=; b=OUPtO6nAvwJdEgp3LyptQuoP6+cSEIdnArT1BrmDW6t914bn93vAzgWDmFt5gv+WymbL7E tDpvPhpfKvQxog/MnE0iEs+ELnbUCVecB3dJS1/pScJmbMqbCNkMeNfStOqq3xW+bVhoP6 49nmnsCQ19gXWSe9ZDUA+n4VxvZF85L1p27i8iGVViY62tNZv9UUTBFo4zXn+3rgJrva/d /1vbMMLfnWWcyU2DVH1yKnJDEjqeCtDv4StxkD+aKJ/iB2DV8lQhQd+UJFjOwG7pe2VeYb HtQevbuHMsDM2/vU2Ih7MS9Fc0HGvhVVliYXBoKed8wQKeGXZmYWeAGNlD2EDA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1701814527; a=rsa-sha256; cv=none; b=ubIKd8bq3FMbrkJegzWdiyJ8U22q21t0z/nL1DX2xhP/jIQtqSi+EBPu8Klbov+TNIjfdK n/jFshKcpvtJHHT9NwMjhai2zbYj0OoB4dkzQrqbAm8OQaYNyBG64sStPvqfppNdvYKHeb O2w0sAQpIOZ4EInY1OqFhC5zFxNIV3WrjQ6fkGYzeo3ksV2iK1WH4NoIZdXETRBEmP7z65 zGWHK+oDbs8yeAJjnFxCCXcs82prJ6A0e/uTUYZrtRwNCg+j5UxBhfQxLerXlroAylb5g5 QhVBAtHXLHWGyOEazY+W9G6q6Z0qNgetUxEjBJrJg5e0hUSy/42dXGArkHtvTQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1701814527; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=QdFn04QaMFZNyH0Y8HhHV2atxf6Ylu2aTgG0F2nnsBs=; b=KmDBI13BCnDKyLYx1SE02lDbypjZggK3m20OuY7Y9X3MRrN97BwtNkIC+buZDfeIa00paJ 93nnwJs1NnAZuelltevHCyiDJWVtCnolwUKIMYKK8StMK8QI2sTt23Mb2CmrKiijg8fUTi sMdz4FdHiJJ+GacLUBm462YhdUlDG833rpnZkP6tY23aSfcCBxWZLvW9h2W10t1HVWgJFk aEtc1yxoHtEJ2QR3q6GQVAsVJ+cyIrIjMtoZiToJBvFK5n1UCyFJlVrmizs59FzZV2nEJA b/SpTQyyPX/TWttoS32xXUHOz2w2NediluKXiGNZ84f9+kUh0MfdO5v2CO/BVw== Received: by freefall.freebsd.org (Postfix, from userid 945) id AFBB714DC5; Tue, 5 Dec 2023 22:15:27 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-23:17.pf Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20231205221527.AFBB714DC5@freefall.freebsd.org> Date: Tue, 5 Dec 2023 22:15:27 +0000 (UTC) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-23:17.pf Security Advisory The FreeBSD Project Topic: TCP spoofing vulnerability in pf(4) Category: core Module: pf Announced: 2023-12-05 Credits: Yuxiang Yang, Ao Wang, Xuewei Feng, Qi Li and Ke Xu from Tsinghua University Affects: All supported versions of FreeBSD. Corrected: 2023-12-05 18:24:35 UTC (stable/14, 14.0-STABLE) 2023-12-05 18:26:28 UTC (releng/14.0, 14.0-RELEASE-p2) 2023-12-05 18:25:22 UTC (stable/13, 13.2-STABLE) 2023-12-05 18:28:12 UTC (releng/13.2, 13.2-RELEASE-p7) 2023-12-05 18:31:13 UTC (stable/12, 12.4-STABLE) 2023-12-05 18:38:14 UTC (releng/12.4, 12.4-RELEASE-p9) CVE Name: CVE-2023-6534 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background pf(4) is an Internet Protocol packet filter originally written for OpenBSD. pf implements TCP state tracking, wherein it maintains metadata for each TCP connection tracked by the firewall and uses this metadata to decide whether to accept or reject packets matching the connection identifiers. II. Problem Description As part of its stateful TCP connection tracking implementation, pf performs sequence number validation on inbound packets. This makes it difficult for a would-be attacker to spoof the sender and inject packets into a TCP stream, since crafted packets must contain sequence numbers which match the current connection state to avoid being rejected by the firewall. A bug in the implementation of sequence number validation means that the sequence number is not in fact validated, allowing an attacker who is able to impersonate the remote host and guess the connection's port numbers to inject packets into the TCP stream. III. Impact An attacker can, with relatively little effort, inject packets into a TCP stream destined to a host behind a pf firewall. This could be used to implement a denial-of-service attack for hosts behind the firewall, for example by sending TCP RST packets to the host. IV. Workaround No workaround is available. Systems which do not use pf(4) are unaffected. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date and reboot. Perform one of the following: 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platfrom on FreeBSD 13 and earlier, can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-23:17/pf.patch # fetch https://security.FreeBSD.org/patches/SA-23:17/pf.patch.asc # gpg --verify pf.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash or Subversion revision number in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/14/ a47a44c0d69c stable/14-n265915 releng/14.0/ 0019b7058a7a releng/14.0-n265395 stable/13/ ee1d1e38fae6 stable/13-n256844 releng/13.2/ 45e256e24c97 releng/13.2-n254647 stable/12/ r373284 releng/12.4/ r373287 - ------------------------------------------------------------------------- For FreeBSD 13 and later: Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD For FreeBSD 12 and earlier: Run the following command to see which files were modified by a particular revision, replacing NNNNNN with the revision number: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmWsACgkQbljekB8A Gu8kgxAA0SNvDNzfrivMBDrp3s4q86rLLsDSe3DN4kc+Rtid4R2tf/AzjSO7BVcg O3jvzXtx5RdX+udEbwK26ej+B2N2JCR4L5UC2N0ECo5ECdVd7jCZ5yty9CRawAeE cZZoT028eWeDCMrMI35iO4HTZeT0zF0lER1gTlogQbTzCu4uODSjPvOat/bilmh/ VaXI2ofiVrOpwjhq4t7ksTUK6O0g7LogDF/CEhj1ohEULtHCIDomm+9JuN86CFxJ T0Zd5nePCGMhQBewXir25XFKTFOOAOVGRy79Otx5+gPEg9SucWlwBxMwmhASAHPO 60SCWUt95q/5C2OCyWoFhi6H7303YvinFKO/3FCx9/iTxAh/O86y1d2CU8PRStzk 0kPOoN9fnXP2P27+o0q0Uqn9AiViRWMHC99nM1w6Kxz7wTSvs0dMGrLRQENRs7YF +9Zte+1yqsi/gcWsDkoTJstCJ8E2hjn/h12/LSZyLY3D3qNSdczFWauhIOQFTloj 8MHmzLGUBvWpQNWair4+mb5TpXVuJfFW3XBcQ2XGkUnT0Ws8hU0W/Lxef+wrNHFh aPvT5rF683RH7qX8cnJGkMgPPI4/CTS+U+WePlAITumND8gf/jHaa3qourqLkmSM XV8+9LIVfPimjFDmqpbyi6QxdWo834KP83c8TmzLDNUgEXe9L/k= =s8QG -----END PGP SIGNATURE----- From nobody Sat Dec 9 15:24:17 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SnWyG381zz548jP; Sat, 9 Dec 2023 15:24:22 +0000 (UTC) (envelope-from grahamperrin@gmail.com) Received: from mail-wm1-x329.google.com (mail-wm1-x329.google.com [IPv6:2a00:1450:4864:20::329]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4SnWyF5XJSz3ZZ8; Sat, 9 Dec 2023 15:24:21 +0000 (UTC) (envelope-from grahamperrin@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20230601 header.b=bHo7nvAe; spf=pass (mx1.freebsd.org: domain of grahamperrin@gmail.com designates 2a00:1450:4864:20::329 as permitted sender) smtp.mailfrom=grahamperrin@gmail.com; dmarc=pass (policy=none) header.from=gmail.com Received: by mail-wm1-x329.google.com with SMTP id 5b1f17b1804b1-40c26a45b2dso16858305e9.1; Sat, 09 Dec 2023 07:24:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1702135460; x=1702740260; darn=freebsd.org; h=content-transfer-encoding:in-reply-to:autocrypt:from:cc:references :to:content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=VjpYl0rXruhPMUWL9g3EqmViUC3GlUv9qVmiHuQKsMQ=; b=bHo7nvAeTq50aj3Ay9pt5dDeA0L7PB4h6P4Ia7SGUt6giFKFmgmxdiOseN845uvj6Z zKAbiMQC0yfSBhyNXo2VCSAY2ARi1M6qtcnm2F4dk+ee1yfHUd8088lw0a+gbBjnuQVN FF0XZVpk51T9iXxdv5fHqIEy6iv4IrtvE4+N6Nj5XvYw+II7/rO2R6EkvKO/e7LUwHDx re77hGKyQa+kUdXOa7pBNnv9KCpUlT1MUT5o9J9xJgS8n1hJJwCnuT5kdMxdJkpMA9bE mtRnWOQ02KZqpmEte9+/qMO5H/SnzWUVzD4HAsfM4Ve5GYn/XbS9JKsIm+1PUbFIqvtj EljA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702135460; x=1702740260; h=content-transfer-encoding:in-reply-to:autocrypt:from:cc:references :to:content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=VjpYl0rXruhPMUWL9g3EqmViUC3GlUv9qVmiHuQKsMQ=; b=UW39P/YRwhLEQp6jcPmCNQOoN1XRniKsEHGJWX8N/8nK+CJu0W1fO57q+qUUGMyNjq +sdJeZA6rqkyupWCRJH1ttgr14DbBVTSMUmq6B1YASIz8+dxLI5Hh6WvJx3Ivu0zGZWH 4C0heeJbYGjUw24lSNO4S7xIA2CnkTJYF0k0+WKvvWn3ELhZRxsSoB8S/YNNNNQYm/s5 y3g4mZhRQf7rYyAWB4X5YECAqs24SwsBnNAXXyRt9+me7HEiPEDqM1+4SiDvAzlw/GnJ DsYYjREIAWIXw+DsWuj7rk9qf830y01rBTAZVnO6i7wfxE7oZeCaHHlQE4KNpyjGI4nw 6SGQ== X-Gm-Message-State: AOJu0YwpG/Gljlmz59xd+4eBEjdtra3cruubyf5AiM1UkTcE9+INQXVC 0WMmUrnCvk/3GoTlvf8pA7AkfCBnt0oIRw== X-Google-Smtp-Source: AGHT+IH48y6VD2rDurRlRuGCno/tCMQSI6pT/pk1RleSyWkpmmwoPInv+1j0HKEhgp9Zmn2uLwTC5w== X-Received: by 2002:a05:600c:3b99:b0:40b:5e26:237b with SMTP id n25-20020a05600c3b9900b0040b5e26237bmr870354wms.44.1702135459559; Sat, 09 Dec 2023 07:24:19 -0800 (PST) Received: from [192.168.1.10] (host-2-100-164-166.as13285.net. [2.100.164.166]) by smtp.gmail.com with ESMTPSA id bd21-20020a05600c1f1500b0040c25abd724sm9228835wmb.9.2023.12.09.07.24.18 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 09 Dec 2023 07:24:19 -0800 (PST) Message-ID: <839aef0f-f087-4cd5-bcfe-6342560a1c0d@gmail.com> Date: Sat, 9 Dec 2023 15:24:17 +0000 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: FreeBSD stable/13 end of life (was: FreeBSD 12.4 and stable/12 branch end-of-life) Content-Language: en-GB To: freebsd-security@freebsd.org References: <20231206220634.62F65176B5@freefall.freebsd.org> Cc: FreeBSD-STABLE From: Graham Perrin Autocrypt: addr=grahamperrin@gmail.com; keydata= xsFNBGKYt7ABEAClu83dJ3ZKfVgPOk9YKRv0Z+dl2b88+k9R4vwAmElgguYdKE7yhnQNhhWM v9vi6AFrBMc2oJdVHJ2OrXfwpELBFIgiSMEWNsC4e+Z3HtSajcl+pFZsP7ciiSoycj/w3wIV kAZoVGbhyIbNG7fbCEJ8q81TbfsGypV3bRmbZVvGNecBguYiooBtz2Qht1p3itXMkIA6P9pS YDl+6QddZLyUUAjAnFv2QDoYSHLnaDUWw4oONZsB0SKVu8jMIBh4uJZoYEOvdvc9jQQdOpA2 CAgA6ulfm42Ikr9lKBUUCtjqiWAhJ7iXOTyHAIdR4Mf8alCE6tdTq6dHdIt+GktTY7oYNyL2 3aD3C7I5waU0SFXvJcOMG10QLfwYQMOQoYQ9XJ0U5A28WYiDcylDdUWT7SappP1e1ZMeJWWO y14mxxNzHaJSI4rK8P/p5tp3Q7SSC4k5gMh9zKba3K2ApCWNbVLGvXsJeQkZZNvu70tE81ey AHI5iZcB6D7WaHysBUmsKaEpbcmm1ZThTnGL0SHEl5to5Jab5Fg6O+Cnly5sVz5lX/v8Aosx kKNei7SCVqXOVtteQeGxWbXWbhPgbMyc0Gi3DuxBI/yvJ43k/rJysQlLGLWfJx/UXprwLluC PDK9EvKEB+fD1Z349uzp1sKr3ihpySbyKI8fpudftnAz4EsoCwARAQABzSZHcmFoYW0gUGVy cmluIDxncmFoYW1wZXJyaW5AZ21haWwuY29tPsLBlAQTAQoAPhYhBFk/5bLDBwftvJcvCrdn SG9KGNQLBQJimMMBAhsDBQkFo5qABQsJCAcDBRUKCQgLBRYDAgEAAh4FAheAAAoJELdnSG9K GNQLbHAQAJi998y42bEbq5HmABYovmAEtQj33YSUWyc9QRmAHpN8Er3lTKsgmZcVChB5Fu/d go2oYynDjlVpA7+wiSmg4AG78mOYbg/e19XMhrH0keDKqZXFkU+G7agR0mF09qvpQZ9MTJYZ 2u7FtytZK665UfipOdV8eGn2hFC/WynjUwEzKyryBgbbLAEbfOPeZNry4h2ZPWbtTvx/PE/V X3Vh2oGqYx69DCGz+0xEhy62ZKbkX5SL8LUf/1WViyCVzsHasFxmFxYPWIfBy8ayQ7xapz7M cSXSQyu4oDT4qh9eZiGP9/aAcZKHcV6t9y77JGhUJ/5O1sANKMa3YhgimE+Z86LHYa1IH774 PHj1nAXBwS+Cj/1l/NQoQcyjvOj8zuCsMJVaLMb6B46YsReP4+3yBLpyeBC//t6zWPbgAkWW VjROC0dXUAMTFpnA6NZe3UghG+Nc4fnCLGOhc2nyWFYHIaYV6Hv1ITFSem9DdeNnR1CFm1VM TJ7i7TuqYM+WZTkoUsTf4c46hS/ZNJZSCxh0s9yYr+BYk3XBbd+ElaZ1dJE6cuSVdw15+P2h DnprurxC4byl4YFkn+UAVvQsOgeq6aSHLOHX0weYu1OLoiPYsTdyGhne72+kDhEEdFD5aHdQ PFrbQIrqWLV0a04++0ZwGpNvXtgnWhDdAQJDwGsSSwbLzsFNBGKYt7ABEADRb1tZuh7DPYET 0wK6fe7owbYgM+RfKhmcrGgR2HI9M2q6+0WKF/ITnggWdIW2Ecc4z2boLz/cwvPGCS7/YxZM 61KklGCwuS7q1s04XnHDWHuFxfXQPzAdVmNO3bYoMZbJjHXs6sB2u5ksiwPwaMAWWaGkviSj c5pwvHCiTmX5vH5CBj/Vi+5ESyX38vK4JM5S/m4ouI/6M9biyFgimV+v3vVyCxJCT1gI9g4o GIh1qq5S433b1fihn4yHPf8XOKyBpA/QcwLONViBqJL5nnOxpsh344rNxn2R7CcRzzicOV+e 2IbMem4lwNWQlZKoRotKXZi9LqN5mynSBYqAUdoZum0QinWT9F22B0Qex5PH1zAt9i2W91Vd kcPB3LwkRXj07ycRtsSzpgPA6fLc6AsoWFslHl8kVOO5eJIA4xhjlPa+W8lguQHZ0iX+5uAv 2eAgXR2swADuHPuENNFStmsgAMl8OOOgtq75yA5TpyIzxMuXV9Nmp0VfIaUM/IdLdmxhc1pC c320l5fYMHVLFAReWEbSj2QH8YzWfpXHIegutWWYEbH9SiDXgS9KoKmCJV/Qa+x6/b8y3pOZ vnIbCDaynC2Yr50s8gRa9kb54JE8Z+p8r16U3SEsK3PtUi0RF0e51danCVHrrE6/Hat2XUO/ 6nnYgVgFOrLao6Gh/VMs8wARAQABwsF8BBgBCgAmFiEEWT/lssMHB+28ly8Kt2dIb0oY1AsF AmKYt7ACGwwFCQWjmoAACgkQt2dIb0oY1Av7qg//YjCZg8VXyMzXssgIQpROKKqh5V0UBSQl rM3tq4tWhyg0HVMugQj0Om+iNPsEEOGHkm6tyhHMzlKGpAc/l0iAM+8twIyg44Yo5+DcfFXr OMTbTw9T9jDsWOkOBksxy29iYhgpqpWdDBnhXvrJp/FNAiX8CfzrIOZeFPydDoEiKBEXAxfe a9o5J/JeVnZiUeoiFe7i68nZGsb4JxhPczNfqW12t0Ll5/ibjszg5BgjXiLao0KqbWNh4bS5 CVwH90Or+5qqWgzWPeBiuz+rN2QXE/V/fL44GEj1YKASCqmaiYRgjoRFubz1aq1wCXMXY3Iq d4525rscUgS7HBxbblnyTodUPaamN/2nSzcmE/Pkx8MApDSgZCIhs0RTAg+/AoX4HULV1rSE TQwMrBEQt84Tw5W5rHsvXKr4ZEsJUpbPLWYTISsp23nHR+vZtL/Ug+OWCmHC7X7D21xk/xVJ 4sA1RLJBKdCHtnyA4Unv/kNS1KVGxHnITVyw1a71QJADu4qsdtM5u6CyYUhqhM1oseWtV6j+ Qi8KC/G4C3AgZf06fe2fVl42z2grTabL4bC6FQXMwTX2dsm5NakWjUCmUL8uwsQE7ZA4zKxo EYI1YV9q1birpzncYRupr1qnMoggMUHWq0IBYshFQrEO8PeVUZBw7/GfAeh3argdw2Qu748T Cyw= In-Reply-To: <20231206220634.62F65176B5@freefall.freebsd.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spamd-Result: default: False [-3.90 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.91)[-0.908]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36:c]; MIME_GOOD(-0.10)[text/plain]; XM_UA_NO_VERSION(0.01)[]; FREEFALL_USER(0.00)[grahamperrin]; FROM_HAS_DN(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; ARC_NA(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::329:from]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org,freebsd-stable@freebsd.org]; DKIM_TRACE(0.00)[gmail.com:+]; FREEMAIL_FROM(0.00)[gmail.com]; TO_DN_SOME(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; MIME_TRACE(0.00)[0:+]; RCVD_COUNT_TWO(0.00)[2] X-Rspamd-Queue-Id: 4SnWyF5XJSz3ZZ8 X-Spamd-Bar: --- On 06/12/2023 22:06, FreeBSD Security Officer wrote: > ⋯ > > After December 31, the supported branches and releases, along with their > expected end-of-life dates, will be: > > +--------------------------------------------------------------------------+ > |   Branch    |   Release    |  Release Date     |      Estimated > EoL      | > +-------------+--------------+-------------------+-------------------------+ > | stable/14   | N/A          | N/A               | November 30, > 2028       | > +-------------+--------------+-------------------+-------------------------+ > | releng/14.0 | 14.0-RELEASE | November 20, 2023 | 14.1-RELEASE + 3 > months | > +-------------+--------------+-------------------+-------------------------+ > | stable/13   | N/A          | N/A               | January 31, > 2026        | > +-------------+--------------+-------------------+-------------------------+ > | releng/13.2 | 13.2-RELEASE | April 11, 2023    | 13.3-RELEASE + 3 > months | > +--------------------------------------------------------------------------+ > > Please refer to https://security.freebsd.org/ for an up-to-date list of > supported releases and the latest security advisories. > > The FreeBSD Security Team Hi Via the linked page, which redirects, the table of supported releases is incorrect. Please see comments 4—6. Kind regards Graham