From owner-freebsd-stable@FreeBSD.ORG Tue Sep 16 12:27:12 2003 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 51F7916A4B3 for ; Tue, 16 Sep 2003 12:27:12 -0700 (PDT) Received: from obsecurity.dyndns.org (adsl-64-169-107-253.dsl.lsan03.pacbell.net [64.169.107.253]) by mx1.FreeBSD.org (Postfix) with ESMTP id C496143FDD for ; Tue, 16 Sep 2003 12:27:08 -0700 (PDT) (envelope-from kris@obsecurity.org) Received: from rot13.obsecurity.org (rot13.obsecurity.org [10.0.0.5]) by obsecurity.dyndns.org (Postfix) with ESMTP id 30F8066D32; Tue, 16 Sep 2003 12:27:00 -0700 (PDT) Received: by rot13.obsecurity.org (Postfix, from userid 1000) id EDDCE7CA; Tue, 16 Sep 2003 12:26:59 -0700 (PDT) Date: Tue, 16 Sep 2003 12:26:59 -0700 From: Kris Kennaway To: Craig Boston Message-ID: <20030916192659.GA11518@rot13.obsecurity.org> References: <20030916171436.GA12867@ei.bzerk.org> <200309161416.17241.craig@meoqu.gank.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="RnlQjJ0d97Da+TV1" Content-Disposition: inline In-Reply-To: <200309161416.17241.craig@meoqu.gank.org> User-Agent: Mutt/1.4.1i cc: stable@freebsd.org cc: Ruben de Groot Subject: Re: Release Engineering Status Report X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Sep 2003 19:27:12 -0000 --RnlQjJ0d97Da+TV1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Sep 16, 2003 at 02:16:17PM -0500, Craig Boston wrote: > On Tuesday 16 September 2003 12:14 pm, Ruben de Groot wrote: > > Fortunately, there's allready a patch in the source tree: > > > > http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?= r1=3D1 > >.1.1.6&r2=3D1.1.1.7&f=3Dh >=20 > Yes, fortunately the patch is there. I noticed however that in the versi= on=20 > committed to the RELENG_4_8 branch, RCSID wasn't changed, so it's not=20 > possible to use ident to tell if your libssh needs to be patched or not (= both=20 > old and new say 1.16)... Was that an oversight or should I be using some= =20 > other method to determine if I'm running a vulnerable version or not? Err, the RCS ID is updated automatically upon CVS checkin..is that really what you mean? Kris --RnlQjJ0d97Da+TV1 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/Z2QDWry0BWjoQKURAoy6AJ4kygv+aWJWVL8IzyIAWDPT+zKsXACfeHnk xSaM+dcMUaybV/gO2yWEy0k= =58AQ -----END PGP SIGNATURE----- --RnlQjJ0d97Da+TV1--