From owner-freebsd-security@FreeBSD.ORG  Thu Mar 15 12:10:51 2007
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id AE97416A40A
	for <freebsd-security@freebsd.org>;
	Thu, 15 Mar 2007 12:10:51 +0000 (UTC)
	(envelope-from rea-fbsd@codelabs.ru)
Received: from pobox.codelabs.ru (pobox.codelabs.ru [144.206.177.45])
	by mx1.freebsd.org (Postfix) with ESMTP id 690D613C4B8
	for <freebsd-security@freebsd.org>;
	Thu, 15 Mar 2007 12:10:51 +0000 (UTC)
	(envelope-from rea-fbsd@codelabs.ru)
Received: from codelabs.ru (pobox.codelabs.ru [144.206.177.45])
	by pobox.codelabs.ru with esmtpsa (TLSv1:AES256-SHA:256)
	id 1HRon9-00030E-KN; Thu, 15 Mar 2007 15:10:47 +0300
Date: Thu, 15 Mar 2007 15:10:43 +0300
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: Robert Watson <info@plot.uz>
Message-ID: <20070315121042.GB97072@codelabs.ru>
References: <20070314074510.GH99047@codelabs.ru>
	<20070315120009.A60010@fledge.watson.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
In-Reply-To: <20070315120009.A60010@fledge.watson.org>
Sender: rea-fbsd@codelabs.ru
X-Spam-Status: No, score=-2.2 required=4.0 tests=ALL_TRUSTED,AWL,BAYES_40
Cc: freebsd-security@freebsd.org
Subject: Re: OpenBSD IPv6 remote kernel buffer overflow. FreeBSD has this
	too?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Mar 2007 12:10:51 -0000

Robert, good day.

> Sorry for the delayed response on this -- I've only just returned from Tokyo in 
> the last day and am significantly behind in e-mail from the trip.
> 
> According to a source analysis by Jinmei, we are not vulnerable, but I will 
> continue tracking the thread.  Apparently this vulnerability involved an issue
> in the handling of M_EXT, and our implementation of clusters differs 
> significantly from OpenBSD, so it seems likely we are not affected.

OK, thanks for the analysis and sorry for the noise.

> If we 
> discover any information to the contrary, you can be sure that we will get it 
> fixed and release an advisory!

Very good, thank you.
-- 
Eygene