From owner-freebsd-security Wed Feb 5 5:15:35 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6793537B405 for ; Wed, 5 Feb 2003 05:15:34 -0800 (PST) Received: from altus-escon.com (altesco.xs4all.nl [213.84.124.55]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1B7D243F3F for ; Wed, 5 Feb 2003 05:15:33 -0800 (PST) (envelope-from ben@altus-escon.com) Received: from giskard.altus-escon.com (giskard.altus-escon.com [193.78.231.1]) by altus-escon.com (8.12.6/8.12.6) with ESMTP id h15DFV4c042251 for ; Wed, 5 Feb 2003 14:15:31 +0100 (CET) (envelope-from ben) Received: (from ben@localhost) by giskard.altus-escon.com (8.9.3/8.9.3) id OAA19437 for security@FreeBSD.ORG; Wed, 5 Feb 2003 14:15:28 +0100 (MET) Message-Id: <200302051315.OAA19437@giskard.altus-escon.com> Content-Type: text/plain MIME-Version: 1.0 (NeXT Mail 3.3 v148.2.1) X-Nextstep-Mailer: Mail 3.3 (Enhance 2.0b6) Received: by NeXT.Mailer (1.148.2.1) From: Ben Stuyts Date: Wed, 5 Feb 2003 14:15:27 +0100 To: security@FreeBSD.ORG Subject: cvs security fix not in RELENG_4? Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, Regarding the security advisory concerning the remotely exploitable vulnerability in cvs server: I am running a 4-stable system with a cvs tag of RELENG_4 here. According to the advisory, this system is vulnerable. However, I cannot find a fix for this in the RELENG_4 branch. The affected file server.c has a cvs id of 1.13.2.5 dated 2003/01/21. Nothing else has been committed since on this branch. Am I overlooking something? Thanks, Ben To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message