From owner-cvs-src@FreeBSD.ORG  Mon Mar 28 14:46:30 2005
Return-Path: <owner-cvs-src@FreeBSD.ORG>
Delivered-To: cvs-src@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id EC2DA16A4CE; Mon, 28 Mar 2005 14:46:29 +0000 (GMT)
Received: from gw.celabo.org (gw.celabo.org [208.42.49.153])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 1CA2443D48; Mon, 28 Mar 2005 14:46:29 +0000 (GMT)
	(envelope-from nectar@celabo.org)
Received: by gw.celabo.org (Postfix, from userid 1001)
	id 983C53E2C24; Mon, 28 Mar 2005 08:46:27 -0600 (CST)
Date: Mon, 28 Mar 2005 08:46:27 -0600
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org,
	cvs-all@FreeBSD.org
Message-ID: <20050328144627.GA78918@hellblazer.celabo.org>
Mail-Followup-To: "Jacques A. Vidrine" <nectar@FreeBSD.org>,
	src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
References: <200503281445.j2SEjCQT046186@repoman.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200503281445.j2SEjCQT046186@repoman.freebsd.org>
X-Url: http://www.celabo.org/
User-Agent: Mutt/1.5.9i
Subject: Re: cvs commit: src/contrib/telnet/telnet telnet.c
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2005 14:46:30 -0000

On Mon, Mar 28, 2005 at 02:45:12PM +0000, Jacques A. Vidrine wrote:
> nectar      2005-03-28 14:45:12 UTC
> 
>   FreeBSD src repository
> 
>   Modified files:
>     contrib/telnet/telnet telnet.c 
>   Log:
>   Correct a pair of buffer overflows in the telnet(1) command:
>   
>    (CAN-2005-0468) A heap buffer overflow in env_opt_add() and related
>    functions.
>   
>    (CAN-2005-0469) A global uninitialized data section buffer overflow in
>    slc_add_reply() and related functions.
>   
>   As a result of these vulnerabilities, it may be possible for a malicious
>   telnet server or active network attacker to cause telnet(1) to execute
>   arbitrary code with the privileges of the user running it.
>   
>   Security: CAN-2005-0468, CAN-2005-0469
>   Security: FreeBSD-SA-05:01.telnet
>   Security: http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
>   Security: http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities
>   
>   These fixes are based in part on patches
>   Submitted by:   Solar Designer <solar@openwall.com>
>   
>   Revision  Changes    Path
>   1.16      +24 -6     src/contrib/telnet/telnet/telnet.c

The references above may not be available yet, but will be later today.
Likewise, fixes to other FreeBSD branches are upcoming.

Cheers,
-- 
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org