From owner-freebsd-security Sat Mar 20 0: 1:23 1999
Delivered-To: freebsd-security@freebsd.org
Received: from smtp1.andrew.cmu.edu (SMTP1.ANDREW.CMU.EDU [128.2.10.81])
        by hub.freebsd.org (Postfix) with ESMTP id E61E614FFE
        for ; Sat, 20 Mar 1999 00:01:21 -0800 (PST)
        (envelope-from Harry_M_Leitzell@cmu.edu)
Received: from unix6.andrew.cmu.edu (UNIX6.ANDREW.CMU.EDU [128.2.15.10])
        by smtp1.andrew.cmu.edu (8.8.5/8.8.2) with SMTP id DAA00052;
        Sat, 20 Mar 1999 03:00:59 -0500 (EST)
Date: Sat, 20 Mar 1999 03:00:57 -0500 (EST)
From: "Harry M. Leitzell"
X-Sender: Harry_M_Leitzell@unix6.andrew.cmu.edu
To: patl@phoenix.volant.org
Cc: freebsd-security@freebsd.org
Subject: Re: 3.1-RELEASE
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 19 Mar 1999 patl@phoenix.volant.org wrote:

> > I am just curious as to who updates the ports for the RELEASEs.
> > It seems when I was installing 3.1 on a friend's machine yesterday and went
> > to install an ftp daemon, I ended up using the ports to install proftpd.
> > The only problem with this is that the ports collection installed pre1
> > which has a known buffer overflow in it. Maybe I am wrong in assuming
> > this is a bad thing ... but shouldn't someone be checking and updating
> > things like this?
>
> I suspect that pre1 was the most current version when the ports tree
> was frozen for 3.1-RELEASE. If you install the 3.1->current package
> (from the Web/FTP site) and then CVSup ports, you will find that it
> is now using pre2. (And has been since at least the end of February.)
>
>
>
> -Pat

My thoughts were more on the security of the default installation. Not
many people will set up a cron to snag the latest source through CVS and
thus would be open to having their machine broken into. I was just
wondering if someone could/would do something like updating things that
are frozen on -RELEASEs.
I was under the impression that most people will not install -CURRENT due
to wanting a stable server through -RELEASE and thus would fall victim to
stupid errors.

[-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-]
Harry M. Leitzell - Harry_M_Leitzell@cmu.edu
Carnegie Mellon University
Finger for PGP Public Key
[-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-]

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message