From owner-cvs-all@FreeBSD.ORG  Thu Nov 29 21:12:12 2007
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@FreeBSD.org
Received: by hub.freebsd.org (Postfix, from userid 1033)
	id C5D0F16A421; Thu, 29 Nov 2007 21:12:12 +0000 (UTC)
Date: Thu, 29 Nov 2007 21:12:12 +0000
From: Alexey Dokuchaev <danfe@FreeBSD.org>
To: "Simon L. Nielsen" <simon@FreeBSD.org>
Message-ID: <20071129211212.GA43802@FreeBSD.org>
References: <200711291608.lATG8s7Q067912@repoman.freebsd.org>
	<20071129180038.GA598@FreeBSD.org>
	<20071129202334.GA1160@zaphod.nitro.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
In-Reply-To: <20071129202334.GA1160@zaphod.nitro.dk>
User-Agent: Mutt/1.4.2.1i
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/contrib/tar/src misc.c src/sys/dev/random
	yarrow.c
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Nov 2007 21:12:12 -0000

On Thu, Nov 29, 2007 at 09:23:35PM +0100, Simon L. Nielsen wrote:
> On 2007.11.29 18:00:38 +0000, Alexey Dokuchaev wrote:
> > On Thu, Nov 29, 2007 at 04:08:54PM +0000, Simon L. Nielsen wrote:
> > > simon       2007-11-29 16:08:54 UTC
> > > 
> > >   FreeBSD src repository
> > > 
> > >   Modified files:        (Branch: RELENG_5)
> > >     contrib/tar/src      misc.c 
> > >     sys/dev/random       yarrow.c 
> > >   Log:
> > >   Correct a random value disclosure in random(4). [07:09]
> > >   
> > >   Correct a gtar directory traversal vulnerability. [07:10]
> > >   
> > >   Security:       FreeBSD-SA-07:09.random
> > >   Security:       FreeBSD-SA-07:10.gtar
> > 
> > Is 4.x vulnerable?
> 
> For gtar, very likely.

Yeah, I've seen jhb@ had fixed it in RELENG_4.

> has older random code which isn't affected (at least I seem to recall
> it was different)..

OK.

./danfe