From owner-freebsd-security@FreeBSD.ORG  Tue Nov 20 10:49:24 2012
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: FreeBSD-security@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id 4F790963
 for <FreeBSD-security@FreeBSD.org>; Tue, 20 Nov 2012 10:49:24 +0000 (UTC)
 (envelope-from john.bayly@tipstrade.net)
Received: from intra.tipstrade.net (unknown [IPv6:2a01:348:2c2:100::3])
 by mx1.freebsd.org (Postfix) with ESMTP id 0C2CB8FC08
 for <FreeBSD-security@FreeBSD.org>; Tue, 20 Nov 2012 10:49:23 +0000 (UTC)
Received: from intra.tipstrade.net (localhost [127.0.0.1])
 by intra.tipstrade.net (Postfix) with ESMTP id C741FDB9D3A
 for <FreeBSD-security@FreeBSD.org>; Tue, 20 Nov 2012 10:49:14 +0000 (GMT)
Received: from [192.168.0.30] (unknown [192.168.0.30])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 (Authenticated sender: john.bayly@tipstrade.net)
 by intra.tipstrade.net (Postfix) with ESMTPSA id AB1FDDB9C71
 for <FreeBSD-security@FreeBSD.org>; Tue, 20 Nov 2012 10:49:14 +0000 (GMT)
Message-ID: <50AB6029.4090608@tipstrade.net>
Date: Tue, 20 Nov 2012 10:49:13 +0000
From: John Bayly <john.bayly@tipstrade.net>
User-Agent: Mozilla/5.0 (X11; Linux i686;
 rv:16.0) Gecko/20121028 Thunderbird/16.0.2
MIME-Version: 1.0
To: FreeBSD-security@FreeBSD.org
Subject: Clarrification on whether portsnap was affected by the 2012 compromise
X-Enigmail-Version: 1.4.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV using ClamSMTP
X-Mailman-Approved-At: Tue, 20 Nov 2012 11:47:27 +0000
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Nov 2012 10:49:24 -0000

Regarding the 2012 compromise, I'm a little confused as to what was and
wasn't affected:

>From the release:
> or of any ports compiled from trees obtained via any means other than
> through svn.freebsd.org or one of its mirrors
Does that mean that any ports updated using the standard "portsnap
fetch" may have been affected, I'm guessing yes.

Many thanks,
John