From owner-freebsd-security@FreeBSD.ORG  Wed Feb  4 18:58:44 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E3F5016A4CE
	for <freebsd-security@freebsd.org>;
	Wed,  4 Feb 2004 18:58:44 -0800 (PST)
Received: from filter.mimos.my (filter.mimos.my [192.228.137.70])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3488343D39
	for <freebsd-security@freebsd.org>;
	Wed,  4 Feb 2004 18:58:43 -0800 (PST)	(envelope-from sazli@jaring.my)
Received: from ew.mimos.my (localhost.localdomain [127.0.0.1])
	by filter.mimos.my (8.11.6/8.11.6) with ESMTP id i152wfE19717
	for <freebsd-security@freebsd.org>; Thu, 5 Feb 2004 10:58:41 +0800
Received: (from root@localhost)
	by ew.mimos.my (8.12.8p2/8.12.3) id i152wfdB085234
	for freebsd-security@freebsd.org; Thu, 5 Feb 2004 10:58:41 +0800 (MYT)
	(envelope-from sazli@jaring.my)
Received: from mib65.nat.mimos.my (mib65.nat.mimos.my [10.1.26.65])
	by ew.mimos.my (8.12.8p2/8.11.6) with ESMTP id i152wfoi085031
	for <freebsd-security@freebsd.org>;
	Thu, 5 Feb 2004 10:58:41 +0800 (MYT)	(envelope-from sazli@jaring.my)
Date: Thu, 5 Feb 2004 10:58:30 +0800 (MYT)
From: Syahrul Sazli Shaharir <sazli@jaring.my>
X-X-Sender: sazli@localhost
To: freebsd-security@freebsd.org
Message-ID: <20040205103946.W1640@localhost>
MIME-Version: 1.0
X-scanner: scanned by Inflex 1.0.10 - (http://pldaniels.com/inflex/)
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: Status Check: CVE CAN-2004-0002
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Feb 2004 02:58:45 -0000

Hi,

Just want to ask about the status of this:-

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0002

>From list archives I gather the fix is still under refinement (but
committed (and removed?) in HEAD and RELENG_5_2).

One paranoid little shop is running a public web server on RELENG_4_9, and
contemplating this patch:-

http://marc.theaimsgroup.com/?l=freebsd-cvs-all&m=107358506010148&w=2

Before I go ahead, any new developments on this?

Thanks.

--sazli
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x270BD43E
Key fingerprint: 47F4 6E37 48D2 5FF1 8C67  A14F D7B5 05F8 270B D43E