From owner-freebsd-security Sat Mar 15 13:22:41 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 387AD37B401; Sat, 15 Mar 2003 13:22:38 -0800 (PST) Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id 337F043F3F; Sat, 15 Mar 2003 13:22:37 -0800 (PST) (envelope-from mike@sentex.net) Received: from simian.sentex.net (simeon.sentex.ca [192.168.43.27]) by lava.sentex.ca (8.12.8/8.12.8) with ESMTP id h2FLMZrj001909; Sat, 15 Mar 2003 16:22:36 -0500 (EST) (envelope-from mike@sentex.net) Message-Id: <5.2.0.9.0.20030315162616.04f4e730@marble.sentex.ca> X-Sender: mdtpop@marble.sentex.ca (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9 Date: Sat, 15 Mar 2003 16:27:37 -0500 To: freebsd-security@FreeBSD.ORG From: Mike Tancsa Subject: Re: MFC of file security fix ? (was Re: Prov. patch for the file hole ISS disclosed) In-Reply-To: <5.2.0.9.0.20030313074828.07290af0@192.168.0.12> References: <20030311181452.GA59655@dragon.nuxi.com> <20030311174126.GA57179@madman.celabo.org> <200303061415.h26EFlhD004317@device.dyndns.org> <200303061415.h26EFlhD004317@device.dyndns.org> <5.2.0.9.2.20030311113159.0386fea0@localhost> <20030311174126.GA57179@madman.celabo.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Virus-Scanned: By Sentex Communications (lava/20020517) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, Just wondering if any decision has been made on this either way ? ---Mike At 07:49 AM 13/03/2003 -0500, Mike Tancsa wrote: >Hi, > Is there still a plan to MFC this to RELENG_4 ? > >At 10:14 AM 3/11/2003 -0800, David O'Brien wrote: >>On Tue, Mar 11, 2003 at 11:41:27AM -0600, Jacques A. Vidrine wrote: >> > On Tue, Mar 11, 2003 at 11:34:40AM -0600, Christopher Schulte wrote: >> > > At 09:41 AM 3/6/2003 -0600, Jacques A. Vidrine wrote: >> > > >Thanks! However, this has already been fixed in -CURRENT (by import >> > > >of FILE 3.41). I do not know whether or not David plans to MFC in >> > > >time for 4.8-RELEASE. >> > > >> > > I think this should be merged into the security branches, >> > > due to possible remote exploit by third party programs that >> > > use file, such as (at the very least) amavis. >> > >> > I tend to agree. >> > >> > David? >> >>Up to you. I'm going to do an MFC for 4.8. I am not very well setup to >>test the security branches. Do you want me to just MFC exactly what I >>committed to 5-CURRENT to the 5_0 branch (it should Just Work). Same for >>the 4_7 branch. >> >>To Unsubscribe: send mail to majordomo@FreeBSD.org >>with "unsubscribe freebsd-security" in the body of the message > >-------------------------------------------------------------------- >Mike Tancsa, tel +1 519 651 3400 >Sentex Communications, mike@sentex.net >Providing Internet since 1994 www.sentex.net >Cambridge, Ontario Canada www.sentex.net/mike > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message