From owner-freebsd-security  Mon Nov  2 14:38:10 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id OAA19186
          for freebsd-security-outgoing; Mon, 2 Nov 1998 14:38:10 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from rover.village.org (rover.village.org [204.144.255.49])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id OAA19178
          for <FreeBSD-security@freebsd.org>; Mon, 2 Nov 1998 14:38:07 -0800 (PST)
          (envelope-from imp@village.org)
Received: from harmony [10.0.0.6] 
	by rover.village.org with esmtp (Exim 1.71 #1)
	id 0zaSbg-0002YZ-00; Mon, 2 Nov 1998 15:37:52 -0700
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.1/8.8.3) with ESMTP id PAA16222; Mon, 2 Nov 1998 15:37:33 -0700 (MST)
Message-Id: <199811022237.PAA16222@harmony.village.org>
To: bow <bow@bow.net>
Subject: Re: [rootshell] Security Bulletin #25 (fwd) 
Cc: FreeBSD-security@FreeBSD.ORG
In-reply-to: Your message of "Sun, 01 Nov 1998 14:54:57 PST."
		<199811012254.OAA29528@bow.net> 
References: <199811012254.OAA29528@bow.net>  
Date: Mon, 02 Nov 1998 15:37:33 -0700
From: Warner Losh <imp@village.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

Just so everyone knows, this advisory was only a draft advisory and
was cancelled over the weekend.  I saw the original advisory and
checked stuff in based on it, since generally changes like this are
good and can't hurt anything.  After I checked in the fixes to ssh, I
discovered that it had been determined that there was no way of
exploiting this buffer call because all the places that called it had
bounds checking.

Given that the changes I made don't hurt anything, I'm going to leave
them in for now.

Warner

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBNj40Kdxynu/2qPVhAQFHRQP9FE//4+CBcUQcZAyKZCMsPNPXu2aiihlx
NnoD3vkxtCtkopxaTIVeadtcqMdKpVuhLSK2ChrCnZNtpHu4lE/ZImiUQj5WXyyr
klHlR+rY8tNHQFf9xtlVNcqULYx/wkJCLJSCknlzUA+/xblhUlR2n64ctvodRI40
ESNEjlOFBwA=
=aOA4
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message