From owner-freebsd-security Fri Mar 19 11:59: 5 1999 Delivered-To: freebsd-security@freebsd.org Received: from phoenix.volant.org (phoenix.volant.org [205.179.79.193]) by hub.freebsd.org (Postfix) with ESMTP id 2D21D1515E for ; Fri, 19 Mar 1999 11:58:56 -0800 (PST) (envelope-from patl@phoenix.volant.org) Received: from asimov.phoenix.volant.org ([205.179.79.65]) by phoenix.volant.org with smtp (Exim 1.92 #8) id 10O5Ph-0004yo-00; Fri, 19 Mar 1999 11:58:37 -0800 Received: from localhost by asimov.phoenix.volant.org (SMI-8.6/SMI-SVR4) id LAA13866; Fri, 19 Mar 1999 11:58:29 -0800 Date: Fri, 19 Mar 1999 11:58:29 -0800 (PST) From: patl@phoenix.volant.org Reply-To: patl@phoenix.volant.org Subject: Re: 3.1-RELEASE To: "Harry M. Leitzell" Cc: freebsd-security@freebsd.org In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > I am just curious as to who updates the ports for the RELEASEs. > It seems when I was installing 3.1 on a friends machine yesterday and went > to install an ftp daemon, I ended up using the ports to install proftpd. > The only problem with this is that the ports collection installed pre1 > which has a known buffer overflow in it. Maybe I am wrong in assuming > this is a bad thing ... but shouldn't someone be checking and updating > things like this? I suspect that pre1 was the most current version when the ports tree was frozen for 3.1-RELEASE. If you install the 3.1->current package (from the Web/FTP site) and then CVSup ports, you will find that it is now using pre2. (And has been since at least the end of February.) -Pat To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message