From owner-freebsd-security  Tue Mar 11 10:15:15 2003
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 3EFA537B401; Tue, 11 Mar 2003 10:15:13 -0800 (PST)
Received: from dragon.nuxi.com (trang.nuxi.com [66.93.134.19])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 7114843F85; Tue, 11 Mar 2003 10:15:12 -0800 (PST)
	(envelope-from obrien@NUXI.com)
Received: from dragon.nuxi.com (smmsp@localhost [127.0.0.1])
	by dragon.nuxi.com (8.12.7/8.12.7) with ESMTP id h2BIErdh059686;
	Tue, 11 Mar 2003 10:14:53 -0800 (PST)
	(envelope-from obrien@dragon.nuxi.com)
Received: (from obrien@localhost)
	by dragon.nuxi.com (8.12.7/8.12.7/Submit) id h2BIEqlR059685;
	Tue, 11 Mar 2003 10:14:52 -0800 (PST)
Date: Tue, 11 Mar 2003 10:14:52 -0800
From: "David O'Brien" <obrien@FreeBSD.org>
To: "Jacques A. Vidrine" <nectar@FreeBSD.org>,
	Christopher Schulte <schulte+freebsd@nospam.schulte.org>,
	Guy Poizat <guy@device.dyndns.org>, freebsd-security@FreeBSD.org
Subject: Re: Prov. patch for the file hole ISS disclosed
Message-ID: <20030311181452.GA59655@dragon.nuxi.com>
Reply-To: obrien@FreeBSD.org
References: <200303061415.h26EFlhD004317@device.dyndns.org> <200303061415.h26EFlhD004317@device.dyndns.org> <5.2.0.9.2.20030311113159.0386fea0@localhost> <20030311174126.GA57179@madman.celabo.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030311174126.GA57179@madman.celabo.org>
User-Agent: Mutt/1.4i
X-Operating-System: FreeBSD 5.0-CURRENT
Organization: The NUXI BSD Group
X-Pgp-Rsa-Fingerprint: B7 4D 3E E9 11 39 5F A3  90 76 5D 69 58 D9 98 7A
X-Pgp-Rsa-Keyid: 1024/34F9F9D5
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Tue, Mar 11, 2003 at 11:41:27AM -0600, Jacques A. Vidrine wrote:
> On Tue, Mar 11, 2003 at 11:34:40AM -0600, Christopher Schulte wrote:
> > At 09:41 AM 3/6/2003 -0600, Jacques A. Vidrine wrote:
> > >Thanks!  However, this has already been fixed in -CURRENT (by import
> > >of FILE 3.41).  I do not know whether or not David plans to MFC in
> > >time for 4.8-RELEASE.
> > 
> > I think this should be merged into the security branches,
> > due to possible remote exploit by third party programs that
> > use file, such as (at the very least) amavis.
> 
> I tend to agree.
> 
> David?

Up to you.  I'm going to do an MFC for 4.8.  I am not very well setup to
test the security branches.  Do you want me to just MFC exactly what I
committed to 5-CURRENT to the 5_0 branch (it should Just Work).  Same for
the 4_7 branch.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message