Date: Mon, 2 Oct 2000 18:29:26 -0400 (EDT)
From: Robert Watson
To: Brian Somers
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.bin/finger finger.c
In-Reply-To: <200010022227.PAA62603@freefall.freebsd.org>

We need to release a security advisory for this. It might be worth
rerolling 4.1.1-RELEASE, although maybe that's not possible.

Robert N M Watson

robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

On Mon, 2 Oct 2000, Brian Somers wrote:

> brian 2000/10/02 15:27:34 PDT
>
> Modified files:
>   usr.bin/finger finger.c
> Log:
>   Don't allow finger /somefile, only allow filename expansions from
>   inside /etc/finger.conf
>
> PR: 21704
>
> Revision  Changes    Path
> 1.20      +11 -1     src/usr.bin/finger/finger.c