From owner-freebsd-security@FreeBSD.ORG Thu May 1 12:30:04 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id F2144DD5 for ; Thu, 1 May 2014 12:30:04 +0000 (UTC) Received: from mx0.gid.co.uk (mx0.gid.co.uk [194.32.164.250]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9DB4A157C for ; Thu, 1 May 2014 12:30:04 +0000 (UTC) Received: from [192.168.0.249] (5751e248.skybroadband.com [87.81.226.72]) by mx0.gid.co.uk (8.14.2/8.14.2) with ESMTP id s41CJxoI007856; Thu, 1 May 2014 13:19:59 +0100 (BST) (envelope-from rb@gid.co.uk) From: Bob Bishop Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:08.tcp Date: Thu, 1 May 2014 13:19:54 +0100 Message-Id: <9C9E416B-501C-49CD-A698-93CA7848CD1D@gid.co.uk> To: Kevin Day Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\)) X-Mailer: Apple Mail (2.1874) Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 May 2014 12:30:05 -0000 Hi, > From: Kevin Day > To: freebsd-security@freebsd.org > Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:08.tcp >=20 > > Affects: All supported versions of FreeBSD. > > Corrected: 2014-04-30 04:04:20 UTC (stable/8, 8.4-STABLE) > > 2014-04-30 04:05:47 UTC (releng/8.4, 8.4-RELEASE-p9) > > 2014-04-30 04:05:47 UTC (releng/8.3, = 8.3-RELEASE-p16) > > 2014-04-30 04:04:20 UTC (stable/9, 9.2-STABLE) > > 2014-04-30 04:05:47 UTC (releng/9.2, 9.2-RELEASE-p5) > > 2014-04-30 04:05:47 UTC (releng/9.1, = 9.1-RELEASE-p12) > > 2014-04-30 04:03:05 UTC (stable/10, 10.0-STABLE) > > 2014-04-30 04:04:42 UTC (releng/10.0, = 10.0-RELEASE-p2) >=20 > Does anyone know the lower bound for how far back this bug exists? Is = it only present in the above versions, or does it affect earlier = versions that aren?t listed? >=20 > (trying to come up with a deployment plan for some servers stuck on = 8.1 and 7.x due to vendors abandoning device drivers) Just looked at this, 8.1 and 7.x don't have the optimisation using the = stack so they are unaffected. -- Bob Bishop rb@gid.co.uk