Date: Fri, 19 Mar 1999 14:09:00 -0500
To: "Harry M. Leitzell", freebsd-security@FreeBSD.ORG
From: Garance A Drosihn
Subject: Re: 3.1-RELEASE

At 1:49 PM -0500 3/19/99, Harry M. Leitzell wrote:
> I am just curious as to who updates the ports for the RELEASEs.
> It seems when I was installing 3.1 on a friend's machine yesterday and went
> to install an ftp daemon, I ended up using the ports to install proftpd.
> The only problem with this is that the ports collection installed pre1
> which has a known buffer overflow in it. Maybe I am wrong in assuming
> this is a bad thing ... but shouldn't someone be checking and updating
> things like this?

If you notice something like this, it is good to do a send-pr for it.
The fact that someone is doing a port doesn't mean that they follow
the development of it very closely. It just means that they like it,
and they know how to get it set up and working for FreeBSD. So they
may not be aware of a security issue, but once someone makes them
aware of one then they may jump right on updating the port.

---
Garance Alistair Drosehn           =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer          or  drosih@rpi.edu
Rensselaer Polytechnic Institute