From owner-freebsd-www  Thu Mar  7 22:38:29 2002
Delivered-To: freebsd-www@freebsd.org
Received: from castle.jp.FreeBSD.org (castle.jp.FreeBSD.org [210.226.20.15])
	by hub.freebsd.org (Postfix) with ESMTP
	id 3723E37B400; Thu,  7 Mar 2002 22:38:22 -0800 (PST)
Received: from localhost (localhost [::1])
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with ESMTP/inet6 id g286cKP82808;
	Fri, 8 Mar 2002 15:38:20 +0900 (JST)
	(envelope-from matusita@jp.FreeBSD.org)
X-User-Agent: Mew/1.94.2 XEmacs/21.5 (bamboo)
X-FaceAnim: (-O_O-)(O_O- )(_O-  )(O-   )(-   -)(   -O)(  -O_)( -O_O)(-O_O-)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Dispatcher: imput version 20000228(IM140)
Lines: 53
From: Makoto Matsushita <matusita@jp.FreeBSD.org>
To: security-officer@FreeBSD.org, www@FreeBSD.org
Subject: A patch for FreeBSD Security Information webpage
Date: Fri, 08 Mar 2002 15:38:18 +0900
Message-Id: <20020308153818M.matusita@jp.FreeBSD.org>
Sender: owner-freebsd-www@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-www.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-www>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-www>
X-Loop: FreeBSD.org


<URL:http://www.FreeBSD.org/security/> page is great for the FreeBSD
users to get security information.  However, it seems that it lacks 
some 4.5-RELEASE related information.
.
1) Put a mark that 4.5-RELEASE was out

In the list of SAs, there are marks that "FreeBSD 4.x-RELEASE released."
It would be better to add a new mark for 4.5-RELEASE.  Here is a
patch:

Index: security.sgml
===================================================================
RCS file: /home/ncvs/www/en/security/security.sgml,v
retrieving revision 1.83
diff -u -u -r1.83 security.sgml
--- security.sgml	7 Mar 2002 15:29:14 -0000	1.83
+++ security.sgml	8 Mar 2002 06:27:46 -0000
@@ -128,6 +128,9 @@
 <LI><A HREF="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:11.snmp.asc">FreeBSD-SA-02:11.snmp.asc</A></LI>
 <LI><A HREF="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:10.rsync.asc">FreeBSD-SA-02:10.rsync.asc</A></LI>
 <LI><A HREF="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:09.fstatfs.asc">FreeBSD-SA-02:09.fstatfs.asc</A></LI>
+</UL>
+FreeBSD 4.5-RELEASE released.
+<UL>
 <LI><A HREF="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:08.exec.asc">FreeBSD-SA-02:08.exec.asc</A></LI>
 <LI><A HREF="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc">FreeBSD-SA-02:07.k5su.asc</A></LI>
 <LI><A HREF="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:06.sudo.asc">FreeBSD-SA-02:06.sudo.asc</A></LI>

I have no idea that 02:09 is *after* 4.5-RELEASE or not (it was
announced after 4.5-RELEASE, but 4.5-RELEASE does *not* affected).

2) Note that 4.5-RELEASE is a target release for SAs.

In this webpage, there is a pharase that:

	At this time, security advisories are being released for:
	  FreeBSD 3.5.1-STABLE (remotely exploitable vulnerabilities only)
	  FreeBSD 4.3-RELEASE
	  FreeBSD 4.4-RELEASE
	  FreeBSD 4.4-STABLE

Yes, "4.5-RELEASE" is not mentioned.  Would you please add 4.5-RELEASE
to the list?

And, 02:13 doesn't say anything about 4.3-RELEASE.  RELENG_4_3 was not
changed about OpenSSH.  This means that 4.3-RELEASE is not *fully*
supported release (read: remotely exploitable vulnerabilities only),
just like 3-stable ?

Thanks in advance,
-- -
Makoto `MAR' Matsushita

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-www" in the body of the message