From owner-freebsd-security Sun May 12 9:25:44 2002 Delivered-To: freebsd-security@freebsd.org Received: from forum.lariat.org (forum.lariat.org [12.23.109.3]) by hub.freebsd.org (Postfix) with ESMTP id 531F237B407 for ; Sun, 12 May 2002 09:25:39 -0700 (PDT) Received: (from brett@localhost) by forum.lariat.org (8.9.3/8.9.3) id KAA16452; Sun, 12 May 2002 10:25:38 -0600 (MDT) Date: Sun, 12 May 2002 10:25:38 -0600 (MDT) From: Brett Glass Message-Id: <200205121625.KAA16452@forum.lariat.org> To: jedgar@fxp.org, security@freebsd.org Subject: Re: DHCPD bug Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Chris Faulhaber writes: >I assume you first emailed portmgr@FreeBSD.org (since they work the >packages) or perhaps admins@FreeBSD.org or hub@FreeBSD.org (who >maintain the various FreeBSD machines) and you received no response >so you are trying to contact them using the -security list. That assumption is incorrect. None of the addresses you mention above are listed as contacts for such requests, or if they are I could not find them listed as such. I did post to the -ports list, which one would expect to be monitored at least as closely by those in charge of updating packages, but received no response at all. I posted to the -security list not only because failure to update the package is a very serious security issue, but also because no advisory has yet gone out. It is important that an advisory be sent before exploits become widespread. You can bet that the malware authors are already hard at work on skripts and worms that exploit the hole. --Brett Glass To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message