From owner-freebsd-security  Tue Nov 26 00:34:52 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id AAA25673
          for security-outgoing; Tue, 26 Nov 1996 00:34:52 -0800 (PST)
Received: from gw-nl1.philips.com (gw-nl1.philips.com [192.68.44.33])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id AAA25665;
          Tue, 26 Nov 1996 00:34:48 -0800 (PST)
Received: (from nobody@localhost) 
	by gw-nl1.philips.com (8.6.10/8.6.10-0.994n-08Nov95) id JAA20426; Tue, 26 Nov 1996 09:34:42 +0100
Received: from unknown(130.139.36.3) by gw-nl1.philips.com via smap (V1.3+ESMTP) with ESMTP
	id sma020353; Tue Nov 26 09:34:08 1996
Received: from spooky.lss.cp.philips.com (spooky.lss.cp.philips.com [130.144.199.105]) 
	by smtprelay.nl.cis.philips.com (8.6.10/8.6.10-1.2.1m-961122) with ESMTP id JAA08156; Tue, 26 Nov 1996 09:34:07 +0100
Received: (from guido@localhost) 
	by spooky.lss.cp.philips.com (8.6.10/8.6.10-0.991c-08Nov95) id JAA21795; Tue, 26 Nov 1996 09:34:08 +0100
From: Guido van Rooij <Guido.vanRooij@nl.cis.philips.com>
Message-Id: <199611260834.JAA21795@spooky.lss.cp.philips.com>
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-96:18.lpr
To: fenner@parc.xerox.com (Bill Fenner)
Date: Tue, 26 Nov 1996 09:34:08 +0100 (MET)
Cc: security-officer@freebsd.org, freebsd-security@freebsd.org
Reply-To: Guido.vanRooij@nl.cis.philips.com
In-Reply-To: <96Nov25.191950pst.177711@crevenia.parc.xerox.com> from Bill Fenner at "Nov 25, 96 07:19:39 pm"
X-Mailer: ELM [version 2.4ME+ PL19 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Bill Fenner wrote:
> In message <199611252218.XAA11972@gvr.win.tue.nl> security-officer wrote:
> >Affects:	FreeBSD 2.*
> >Corrected:	FreeBSD-current as of 1996/10/27
> >		FreeBSD-stable as of 1996/11/01
> 
> Shouldn't this be something more like
> 
> Affects:	FreeBSD 2.0, 2.0.5, 2.1, 2.1.5
> Corrected:	FreeBSD-current as of 1996/10/27
> 		FreeBSD-stable as of 1996/11/01
> 		FreeBSD 2.2 and 2.1.6 releases
> 
> or something?  The timing of the advisory and the statement "FreeBSD 2.*" 
> implies that 2.1.6 is affected, while the CVS tree says that the fix was in 
> 2.1.6 .  Yes, if you know that 2.1.6 was based on FreeBSD-stable and was 
> released after 1996/11/01, then you can derive the same information, but why 
> not make it explicit?  (Especially for the person who is browsing the security 
> advisories next year and comes across this one... "oh, shoot, 2.2 is 
> affected"...)

Yes indeed. I'll send a revised one later today.

-Guido