From owner-freebsd-security  Sat Dec 14 04:59:33 1996
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id EAA26077
          for security-outgoing; Sat, 14 Dec 1996 04:59:33 -0800 (PST)
Received: from pdx1.world.net (pdx1.world.net [192.243.32.18])
          by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id EAA26064
          for <security@freebsd.org>; Sat, 14 Dec 1996 04:59:31 -0800 (PST)
From: proff@suburbia.net
Received: from suburbia.net (suburbia.net [203.4.184.1]) by pdx1.world.net (8.7.5/8.7.3) with SMTP id FAA24304 for <security@freebsd.org>; Sat, 14 Dec 1996 05:00:05 -0800 (PST)
Received: (qmail 989 invoked by uid 110); 14 Dec 1996 12:59:16 -0000
Message-ID: <19961214125916.988.qmail@suburbia.net>
Subject: Re: vulnerability in new pw suite
In-Reply-To: <199612141131.MAA25325@uriah.heep.sax.de> from J Wunsch at "Dec 14, 96 12:31:37 pm"
To: joerg_wunsch@uriah.heep.sax.de
Date: Sat, 14 Dec 1996 23:59:16 +1100 (EST)
Cc: proff@iq.org, security@freebsd.org, hackers@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> > may be very narrow, depending on what sort of information is
> > available to the attacker.
> 
> Is there any particular reason why you didn't submit this to the
> author in the first place?  (Forwarded to David now.)

The pw code only made it into current a week ago. I doubt anyone
is using it yet.