From owner-freebsd-security@FreeBSD.ORG  Sat Apr 19 10:02:32 2014
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id BB7CF266;
 Sat, 19 Apr 2014 10:02:32 +0000 (UTC)
Received: from chronos.org.uk (vps.chronos.org.uk [IPv6:2001:470:1f09:cbf::1])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits))
 (Client CN "chronos.org.uk", Issuer "CA Cert Signing Authority" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 70FFA12D0;
 Sat, 19 Apr 2014 10:02:32 +0000 (UTC)
Received: from workstation1.local.chronos.org.uk
 (workstation1.local.chronos.org.uk [IPv6:2001:470:1f09:12b::20])
 (authenticated bits=0)
 by chronos.org.uk (8.14.7/8.14.7) with ESMTP id s3JA2KhF047708
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
 Sat, 19 Apr 2014 11:02:22 +0100 (BST)
 (envelope-from matt@chronos.org.uk)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.98.1 at vps.chronos.org.uk
DKIM-Filter: OpenDKIM Filter v2.8.3 chronos.org.uk s3JA2KhF047708
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=chronos.org.uk;
 s=mail; t=1397901742;
 bh=sTEqPWf6IFwbKZ5VUu0PtN4wsSbSxpUCoD8ccAGX2ew=;
 h=Date:From:To:Subject:In-Reply-To:References;
 b=XqvILqGtB9K5+jSwEdcKZ14Tkqu6x5J/paz6ns/tztIz7JWSpYwQqsOpe857meO91
 qExjNkJf8fTws90EPSSEfRrh3AKkflqT3KBLeCPveBA5ixEYYeNH1WSVoDkVyzsFNc
 EKdJvbbpneHJwm1AezyHys8YQUHS+ymk3LjTMziM=
Message-Id: <201404191002.s3JA2KhF047708@chronos.org.uk>
Date: Sat, 19 Apr 2014 11:02:03 +0100
From: Matt Dawson <matt@chronos.org.uk>
To: Bryan Drewery <bdrewery@FreeBSD.org>, Jamie Landeg-Jones
 <jamie@dyslexicfish.net>, <freebsd-security@freebsd.org>
Subject: Re: De Raadt + FBSD + OpenSSH + hole?
In-Reply-To: <53522186.9030207@FreeBSD.org>
References: <534B11F0.9040400@paladin.bulgarpress.com>
 <201404141207.s3EC7IvT085450@chronos.org.uk>
 <201404141232.s3ECWFQ1081178@catnip.dyslexicfish.net>
 <53522186.9030207@FreeBSD.org>
X-Face: ZC(F49t2uSJE}/7#!TBN:A\3:0wCZNx7YbLr6|9~$^!V&Q,
 q&]T:H>?\|ZZUt:{]iKK'f.(
 g-{z6!F@Wt#^bC-X8J4ZW2}RKBA"ak_zQMGw\YT"R%aL+?k<tX}2>k_mnXchE8VSy^<7I5]Z@p/\B.
 h"4xoqXS)n^eTJL4BeAz1&b`_Jwb\s3M626%1{X4s>A>56]Sn$b0nRFhfrTk]]Njd|!O
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: base64
X-Spam-Status: No, score=-98.5 required=3.0 tests=BAYES_00,
 DATE_IN_FUTURE_48_96,MIME_BASE64_TEXT,MISSING_MID,RP_MATCHES_RCVD,
 USER_IN_WHITELIST autolearn=ham autolearn_force=no version=3.4.0
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on vps.chronos.org.uk
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Apr 2014 10:02:32 -0000

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQ0KSGFzaDogU0hBMQ0KDQpPbiBTYXQs
IDE5IEFwciAyMDE0IDAyOjExOjAyIC0wNTAwDQpCcnlhbiBEcmV3ZXJ5IDxiZHJld2VyeUBGcmVl
QlNELm9yZz4gd3JvdGU6DQoNCj4gQXMgdGhlIG1haW50YWluZXIgb2YgdGhlIHBvcnQgSSB3aWxs
IHNheSB0aGF0IHlvdXIgc2VjdXJpdHkgZGVjcmVhc2VzDQo+IHdpdGggZWFjaCBPUFRJT04vcGF0
Y2ggeW91IGFwcGx5LiBJIHJlYWxseSB3b3VsZCBub3QgYmUgc3VycHJpc2VkIGlmDQo+IG9uZSBv
ZiB0aGUgb3B0aW9uYWwgcGF0Y2hlcyBhdmFpbGFibGUgaW4gdGhlIHBvcnQgaGFkIGlzc3Vlcy4N
Cg0KSW4gYWxsIGhvbmVzdHksIGNvZGUgaXMgbm93IHNvIGNvbXBsZXggdGhhdCB0aGVyZSBhcmUg
YWx3YXlzIGdvaW5nIHRvDQpiZSBpc3N1ZXMgdGhhdCB3b24ndCBiZWNvbWUgYXBwYXJlbnQgdW50
aWwgYW4gZXhwbG9pdCBpcyBmb3VuZC4gVGhlc2UNCmFyZSB0aGUgcmlza3Mgd2UgdGFrZSB3aGVu
IGFsbG93aW5nIHN5c3RlbXMgdG8gY29tbXVuaWNhdGUuIFRoZSBwZW9wbGUNCmZvbWVudGluZyBk
aXNjb3JkIGFyZSBzaW1wbHkgdGFraW5nIGFkdmFudGFnZSBvZiB0aGUgc2l0dWF0aW9uIHRvDQpp
bmZsYXRlIHRoZWlyIGVnb3MgYW5kIGZvbGxvdyBvdGhlciBhZ2VuZGFzLCB3aGV0aGVyIHRoYXQg
YmUgYXR0YWNraW5nDQpvcGVuIHNvdXJjZSwgYXR0YWNraW5nIEZyZWVCU0QsIGp1c3RpZnlpbmcg
dGhlaXIgb3duIGV4aXN0ZW5jZSBvcg0Kc2ltcGx5IGRldmlsdHJ5LiBPaCwgYW5kIGl0IG1ha2Vz
IGZvciBnb29kIGNvcHksIG9mIGNvdXJzZS4gV291bGRuJ3QNCndhbnQgcGVvcGxlIHRvIGZvcmdl
dCB5b3UncmUgdGhlcmUsIGVoPw0KDQpBbGwgd2UgYXMgdXNlcnMgY2FuIGRvIGlzIGFwcGx5IGNv
bW1vbiBzZW5zZSB3aGVuIGRlcGxveWluZyBjcml0aWNhbA0Kc2VydmljZXMgc3VjaCBhcyB0aGVz
ZSBhbmQgcmVkdWNlIHRoZSBhdHRhY2sgdmVjdG9yIHN1cmZhY2UgYXJlYSAocmUNCkJyeWFuJ3Mg
bm90ZSBvbiB0aGUgcG9ydCBvcHRpb25zKSBhcyBtdWNoIGFzIHBvc3NpYmxlLiBBc3N1bWUgaXQg
aGFzDQpob2xlcywgZGVwbG95IG9uIHRoYXQgYmFzaXMsIGluc3RhbGwgZGlnaXRhbCByb3R0d2Vp
bGVyICh3aG8gbWF5IGFsc28NCmhhdmUgaG9sZXMgYnV0LCBwbGVhc2UgJERFSVRZLCBub3QgdGhl
IHNhbWUgb25lcykgdG8gbWl0aWdhdGUuDQoNClByYWdtYXRpc20gc2hvdWxkIGJlIGEgcmVxdWly
ZWQgZGlzY2lwbGluZS4NCi0gLS0gDQpTYWZlciBhbHRlcm5hdGl2ZSB0byBzbW9raW5nIHVuZGVy
IHRocmVhdCBmcm9tIG92ZXItcmVndWxhdGlvbg0KZHVlIHRvIHBzZXVkby1zY2llbmNlIGFuZCBw
dXJpdGFuaXNtLiBQbGVhc2UgaGVscCBrZWVwIHBlcnNvbmFsDQp2YXBvdXJpc2VycyBhdmFpbGFi
bGUgZm9yIGV4IGFuZCBwb3RlbnRpYWwgZXgtc21va2VycyBhdCANCmh0dHA6Ly93d3cuZWZ2aS5l
dS8gYnkgc2hvd2luZyB5b3VyIHN1cHBvcnQgZm9yIHRoaXMgY2l0aXplbnMnDQppbml0aWF0aXZl
LiANCi0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2Mi4wLjIy
IChGcmVlQlNEKQ0KDQppRVlFQVJFQ0FBWUZBbE5TU2FJQUNna1FBbVQ5dVk4ZXVpSnk2d0NnaTgz
TEJZZDVyWVRXT2tYZFRVK0pkOFJXDQpTNDRBb0tUZkRuYjVYS3NwTDNQOVluVmN1VjhQK0lxTw0K
PWV6RWMNCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K