Date: Tue, 21 Nov 2000 04:02:13 -0500 (EST)
From: Trevor Johnson <trevor@jpj.net>
To: Kris Kennaway <kris@FreeBSD.org>
Cc: security-officer@FreeBSD.org, security@FreeBSD.org
Subject: Re: New security policy for FreeBSD 3.x
Message-ID: <Pine.BSI.4.21.0011210347230.17837-100000@blues.jpj.net>
In-Reply-To: <20001121003406.A95525@citusc17.usc.edu>

> This is untrue - we were informed by Jouko Pynonnen on 2 Oct 2000,
> which is about the time it hit bugtraq, it was fixed 7 days later by
> the vendor and we imported it 2 days after that. You must be referring
> to some other problem.

It was only meant as an example, but: a buffer overflow bug in
libncurses, which had to do with malicious settings of the TERMCAP
environment variable, was reported in April on Bugtraq
(http://www.securityfocus.com/archive/1/56721), and FreeBSD was said to
be affected. I assumed that the recent ncurses advisory was supposed to
cover it.

> However, your general point is taken and it's something we'll
> consider.

Thank you.
--
Trevor Johnson
http://jpj.net/~trevor/gpgkey.txt

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message