Date: Mon, 13 May 2002 07:05:20 -0400 From: Chris Faulhaber <jedgar@fxp.org> To: "Carroll, D. (Danny)" <Danny.Carroll@mail.ing.nl> Cc: security@freebsd.org Subject: Re: DHCPD bug Message-ID: <20020513110520.GA21996@darkstar.doublethink.cx> In-Reply-To: <6C506EA550443D44A061432F1E92EA4C012DBA@ing.com> References: <6C506EA550443D44A061432F1E92EA4C012DBA@ing.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--LQksG6bCIzRHxTLp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, May 13, 2002 at 09:18:59AM +0200, Carroll, D. (Danny) wrote: > As a little aside, whilst reading the CERT advisory I noticed that > NetBSD is not vulernable because: "NetBSD fixed this during a format > string sweep performed on 11-Oct-2000. No released version of NetBSD is > vulnerable to this issue." >=20 > Nice and prudent. Is there any reason why this would be difficult to do > in the FreeBSD source / Ports source?? >=20 Numerous developers have performed audits on much of the base system along with bringing in fixes from NetBSD, OpenBSD, and other parts of the open-source community. As for the ports tree, with over 6000 independently-written applications, finding (or funding) developers to perform a full-scale audit may be a bit difficult. --=20 Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org --LQksG6bCIzRHxTLp Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: FreeBSD: The Power To Serve iEYEARECAAYFAjzfnfAACgkQObaG4P6BelBaaQCgmKu1yrixhq9qGOuWSSBUSD7e dzcAniGpJZD8/0uKFt6TuEi0kiSsil7U =atRe -----END PGP SIGNATURE----- --LQksG6bCIzRHxTLp-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020513110520.GA21996>