From owner-freebsd-security Tue Feb 16 06:26:19 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id GAA22842 for freebsd-security-outgoing; Tue, 16 Feb 1999 06:26:19 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA22833 for ; Tue, 16 Feb 1999 06:26:16 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id JAA18762; Tue, 16 Feb 1999 09:25:58 -0500 (EST) Date: Tue, 16 Feb 1999 09:25:58 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: Andrew McNaughton cc: cjclark@home.com, freebsd-security@FreeBSD.ORG Subject: Re: CA-99-03-FTP-Buffer-Overflows In-Reply-To: <199902160913.WAA17654@aniwa.sky> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 16 Feb 1999, Andrew McNaughton wrote: > I found it rather curious that FreeBSD's ftpd was not mentioned. > Particularly as the PGP signature's version ID said FreeBSD was used, > implying that it would have been around for testing. I did also, so emailed the author of the advisory about it. I was told that they had problems contacting a vendor to be responsible for the report, although they had verified that the problem did not exist. I forwarded this mail to Jordan and expressed my concern, but from Jordan's response I am guessing that it might actually have been a problem on the part of the advisory author. I emailed the author back again with Jordan's response and inquired as to what routes they had attempted to contact us by, but never received a response. It's not clear to me yet who dropped the ball, but who knows :-). My understanding has always been that our web page is sufficiently clear about who to contact; if I get a response I will continue to follow up on it. Robert N Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C Carnegie Mellon University http://www.cmu.edu/ TIS Labs at Network Associates, Inc. http://www.tis.com/ SafePort Network Services http://www.safeport.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message