From owner-freebsd-security  Tue Feb 16 06:26:19 1999
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id GAA22842
          for freebsd-security-outgoing; Tue, 16 Feb 1999 06:26:19 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA22833
          for <freebsd-security@FreeBSD.ORG>; Tue, 16 Feb 1999 06:26:16 -0800 (PST)
          (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.8.8/8.8.8) with SMTP id JAA18762;
	Tue, 16 Feb 1999 09:25:58 -0500 (EST)
Date: Tue, 16 Feb 1999 09:25:58 -0500 (EST)
From: Robert Watson <robert@cyrus.watson.org>
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson <robert+freebsd@cyrus.watson.org>
To: Andrew McNaughton <andrew@squiz.co.nz>
cc: cjclark@home.com, freebsd-security@FreeBSD.ORG
Subject: Re: CA-99-03-FTP-Buffer-Overflows 
In-Reply-To: <199902160913.WAA17654@aniwa.sky>
Message-ID: <Pine.BSF.3.96.990216092314.16267B-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 16 Feb 1999, Andrew McNaughton wrote:

> I found it rather curious that FreeBSD's ftpd was not mentioned. 
> Particularly as the PGP signature's version ID said FreeBSD was used,
> implying that it would have been around for testing. 

I did also, so emailed the author of the advisory about it.  I was told
that they had problems contacting a vendor to be responsible for the
report, although they had verified that the problem did not exist.  I
forwarded this mail to Jordan and expressed my concern, but from Jordan's
response I am guessing that it might actually have been a problem on the
part of the advisory author.  I emailed the author back again with
Jordan's response and inquired as to what routes they had attempted to
contact us by, but never received a response.  It's not clear to me yet
who dropped the ball, but who knows :-).  My understanding has always been
that our web page is sufficiently clear about who to contact; if I get a
response I will continue to follow up on it.

  Robert N Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73  25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message