From owner-freebsd-security Fri Sep 3 10:46:49 1999 Delivered-To: freebsd-security@freebsd.org Received: from super-g.com (super-g.com [207.240.140.161]) by hub.freebsd.org (Postfix) with ESMTP id 7C7F41510D for ; Fri, 3 Sep 1999 10:46:45 -0700 (PDT) (envelope-from spork@super-g.com) Received: by super-g.com (Postfix, from userid 1000) id E9270B8DE; Fri, 3 Sep 1999 13:44:42 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by super-g.com (Postfix) with SMTP id D8DC2B8DC for ; Fri, 3 Sep 1999 13:44:42 -0400 (EDT) Date: Fri, 3 Sep 1999 13:44:42 -0400 (EDT) From: spork X-Sender: spork@super-g.inch.com To: freebsd-security@freebsd.org Subject: Security Alerts Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, I've been reading bugtraq more often that this list (2500 messages in this box..) and following a few FBSD exploits there (/etc/security / fts, the mbuf DoS) and also a few where it's unclear as to whether FBSD is affected (libtermcap, wu-ftpd, proftpd). So what I'm wondering is whether the project is in need of someone to digest, discuss, and regurgitate some of these things into security advisories. I personally can appreciate the fact that an ordinary user or admin might not be able to follow every bug that comes up on bugtraq or on this list, and the idea of a central repository on the FreeBSD webpage that is kept up to date and includes third-party software (esp. if it's in common use, like wu) seems like a good one. So I'm volunteering to write this stuff up, all I need is the go-ahead from someone... Charles --- Charles Sprickman spork@super-g.com --- "...there's no idea that's so good you can't ruin it with a few well-placed idiots." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message