Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 10 Apr 2001 17:01:42 -0700
From:      "Bruce A. Mah" <bmah@FreeBSD.ORG>
To:        Nicole Harrington <nmh@daemontech.com>
Cc:        David <habeeb@cfl.rr.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: FTPD ... (to: alexus) 
Message-ID:  <200104110001.f3B01gD24599@bmah-freebsd-0.cisco.com>
In-Reply-To: <XFMail.010410163859.nmh@daemontech.com> 
References:  <XFMail.010410163859.nmh@daemontech.com>

next in thread | previous in thread | raw e-mail | index | archive | help
--==_Exmh_405469367P
Content-Type: text/plain; charset=us-ascii

If memory serves me right, Nicole Harrington wrote:

>  Read the banner for what?
>  I sure wish I could find out or have in the Cert advisory that FTP daemon
> version XX to XX is vulnerable.
> 
>  Does anyone know this information??
>
>  "We have corrected these bugs in FreeBSD 5.0-CURRENT and FreeBSD 4.2-STABLE"
> 
>  Current and Stable are a moving targets. How can people just say these thing
> s.

The statement means the fixes were committed to the relevant CVS
branches as of the time the CERT advisory was written.  It does not say
anything about when exactly the fixes were committed.

> I can assume, but we all know what that means. Stable as of When has the
> patches.  I can get the ftpd patch were if I don't want to do a full cvsup??

Looking through the CVS logs, ftpd.c got the globbing patches on 19
March 2001 for HEAD and 21 March 2001 for RELENG_4. (There were some
changes to libc involved as well.)  At this point, since the
security-officer team hasn't released an advisory, there isn't an
official patch.  I'm not a part of that team, so don't ask.  :-)

Hope this helps,

Bruce.



--==_Exmh_405469367P
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: Exmh version 2.2 06/23/2000

iD8DBQE6057l2MoxcVugUsMRAqMzAKCtTCXD0gQ1fjI8f7gjsr46Tr3qxQCeLz32
ISr8m/r1H3JYiGVyRv3Z4eI=
=iJzJ
-----END PGP SIGNATURE-----

--==_Exmh_405469367P--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200104110001.f3B01gD24599>