Date: Tue, 21 Nov 2000 01:14:26 -0800 From: Kris Kennaway <kris@FreeBSD.org> To: Trevor Johnson <trevor@jpj.net> Cc: security-officer@FreeBSD.org, security@FreeBSD.org Subject: Re: New security policy for FreeBSD 3.x Message-ID: <20001121011426.A96416@citusc17.usc.edu> In-Reply-To: <Pine.BSI.4.21.0011210347230.17837-100000@blues.jpj.net>; from trevor@jpj.net on Tue, Nov 21, 2000 at 04:02:13AM -0500 References: <20001121003406.A95525@citusc17.usc.edu> <Pine.BSI.4.21.0011210347230.17837-100000@blues.jpj.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--DocE+STaALJfprDB Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Nov 21, 2000 at 04:02:13AM -0500, Trevor Johnson wrote: > > This is untrue - we were informed by Jouko Pynonnen on 2 Oct 2000, > > which is about the time it hit bugtraq, it was fixed 7 days later by > > the vendor and we imported it 2 days after that. You must be referring > > to some other problem. >=20 > It was only meant as an example, but: a buffer overflow bug in > libncurses, which had to do with malicious settings of the TERMCAP > environment variable, was reported in April on Bugtraq > (http://www.securityfocus.com/archive/1/56721), and FreeBSD was said to be > affected. I assumed that the recent ncurses advisory was supposed to > cover it. FreeBSD-SA-00:17.libmytinfo.asc Kris --DocE+STaALJfprDB Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoaPPIACgkQWry0BWjoQKVjdQCgoDugiDxE2zpz2tGpum98ijkR 3JwAn0Q+QtpdYNllWUnbjBAW/5JVs5rm =HWN0 -----END PGP SIGNATURE----- --DocE+STaALJfprDB-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001121011426.A96416>