From owner-freebsd-security Thu Dec 2 1:14:23 1999 Delivered-To: freebsd-security@freebsd.org Received: from axl.noc.iafrica.com (axl.noc.iafrica.com [196.31.1.175]) by hub.freebsd.org (Postfix) with ESMTP id 6E2AE14E11; Thu, 2 Dec 1999 01:14:14 -0800 (PST) (envelope-from sheldonh@axl.noc.iafrica.com) Received: from sheldonh (helo=axl.noc.iafrica.com) by axl.noc.iafrica.com with local-esmtp (Exim 3.040 #1) id 11tSId-000Gow-00; Thu, 02 Dec 1999 11:13:15 +0200 From: Sheldon Hearn To: Bill Swingle Cc: security@FreeBSD.ORG, Jordan Hubbard Subject: Re: [btellier@USA.NET: Several FreeBSD-3.3 vulnerabilities] In-reply-to: Your message of "Wed, 01 Dec 1999 09:32:42 PST." <19991201093242.A71817@dub.net> Date: Thu, 02 Dec 1999 11:13:15 +0200 Message-ID: <64661.944125995@axl.noc.iafrica.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 01 Dec 1999 09:32:42 PST, Bill Swingle wrote: > Ok, so I know these are all vulnerabilities in third party software, and > that the actual problem with each program is not really ours to fix but > each of these problems can be avoided with small changes to the > respective ports. Well, I hunted the PR database for this guy's reports / patches and look what I found: > OVERVIEW > Vulnerabilities in seyon, xmindpath and angband can be used to upgrade > privileges. for i in seyon xmindpath angband; do query-pr --summary --synopsis="$i" done | grep -v closed query-pr: no PRs matched query-pr: no PRs matched Looks to me like this chap's full of hot air. I'm not saying the problems don't exist, but this guy doesn't seem to have done much to contact us, eh? Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message