From owner-freebsd-security@FreeBSD.ORG Tue Sep 14 17:04:57 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 39B8A16A4D7 for ; Tue, 14 Sep 2004 17:04:57 +0000 (GMT) Received: from smtp806.mail.sc5.yahoo.com (smtp806.mail.sc5.yahoo.com [66.163.168.185]) by mx1.FreeBSD.org (Postfix) with SMTP id E54D343D54 for ; Tue, 14 Sep 2004 17:04:56 +0000 (GMT) (envelope-from dr2867@pacbell.net) Received: from unknown (HELO ?192.168.0.248?) (dr2867@pacbell.net@68.126.231.116 with plain) by smtp806.mail.sc5.yahoo.com with SMTP; 14 Sep 2004 17:04:56 -0000 Message-ID: <414724BA.60908@pacbell.net> Date: Tue, 14 Sep 2004 10:04:58 -0700 From: Daniel Rudy Organization: SBC Internet Services User-Agent: Mozilla/5.0 (X11R6; UNIX; FreeBSD/i386 4.10-RELEASE-p2; en-US; rv:1.7.2) Gecko/20040707 MultiZilla/1.6.2.0c X-Accept-Language: en-us, en, ja MIME-Version: 1.0 To: freebsd-security@freebsd.org References: <41461A28.1060308@pacbell.net> <20040913223543.GA28187@eagle.aitken.com> In-Reply-To: <20040913223543.GA28187@eagle.aitken.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: Re: Kerberos 5 Security Alert? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: dr2867@pacbell.net List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Sep 2004 17:04:57 -0000 At about the time of 9/13/2004 3:35 PM, Jeff Aitken stated the following: > On Mon, Sep 13, 2004 at 03:07:36PM -0700, Daniel Rudy wrote: > >>Does FreeBSD use the MIT implementation? > > > No, the system-supplied krb5 bits are from the Heimdal distribution. > The MIT distribution is available as a port, but is not part of the > base system. > > > >>Why wasn't there a FreeBSD security alert for Kerberos 5? > > > I may be wrong, but I think that security alerts are issued only > for the base system (i.e., things that are part of FreeBSD proper). > Vulnerabilities that affect ports are documented here: > > http://www.vuxml.org/freebsd/ > > I'm sure someone will correct me if this is wrong. > > > --Jeff > > Ok. Then what is the current production version of FreeBSD? I currently have 4.10-p2. -- Daniel Rudy