Date: Tue, 10 Apr 2001 22:55:28 -0400 From: Keith Stevenson <keith.stevenson@louisville.edu> To: Nicole Harrington <nmh@daemontech.com> Cc: freebsd-security@freebsd.org Subject: Re: FTPD ... (to: alexus) Message-ID: <20010410225527.A18857@osaka.louisville.edu> In-Reply-To: <XFMail.010410163859.nmh@daemontech.com>; from nmh@daemontech.com on Tue, Apr 10, 2001 at 04:38:59PM -0700 References: <01041018392603.11342@descrypt.com> <XFMail.010410163859.nmh@daemontech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I gleaned the following from looking through the commit logs in my local copy of the source repository: Two files in src/libexec/ftpd appear to have been changed to address the globbing bug, ftpd.c and popen.c. The solution also appears to rely upon some changes made to libc. open.c ------- revision 1.20 (CURRENT) date: 2001/03/19 19:11:00; author: jlemon; state: Exp; lines: +3 -1 Teach ftpd about the new GLOB_MAXPATH flag. revision 1.18.2.2 (RELENG_4) date: 2001/03/21 14:40:37; author: jlemon; state: Exp; lines: +3 -1 MFC: globbing limits for ftpd. revision 1.15.2.2 (RELENG_3) date: 2001/04/08 00:15:00; author: jedgar; state: Exp; lines: +3 -1 MFC: globbing limits for ftpd ftpd.c ------ revision 1.74 (CURRENT) date: 2001/03/19 19:11:00; author: jlemon; state: Exp; lines: +10 -1 Teach ftpd about the new GLOB_MAXPATH flag. revision 1.62.2.9 (RELENG_4) date: 2001/03/21 14:40:36; author: jlemon; state: Exp; lines: +11 -1 MFC: globbing limits for ftpd. This indicates that the problem was addressed in CURRENT on 3/19, in 4.2-STABLE on 3/21, and was partially implemented in 3.5-STABLE on 4/8. (The ftpd.c portion of the fix does not seem to have been committed to the 3.5 branch.) Personally, I'd do a full cvsup to address this. I'm sure that lots of people will let me know if I've mis-stated anything. :) Regards, --Keith Stevenson-- -- Keith Stevenson System Programmer - Data Center Services - University of Louisville keith.stevenson@louisville.edu GPG key fingerprint = 332D 97F0 6321 F00F 8EE7 2D44 00D8 F384 75BB 89AE On Tue, Apr 10, 2001 at 04:38:59PM -0700, Nicole Harrington wrote: > > Does anyone know this information?? > > "We have corrected these bugs in FreeBSD 5.0-CURRENT and FreeBSD 4.2-STABLE" > > Current and Stable are a moving targets. How can people just say these things. > I can assume, but we all know what that means. Stable as of When has the > patches. I can get the ftpd patch were if I don't want to do a full cvsup?? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010410225527.A18857>