From owner-freebsd-security  Wed Jul 11 15:59: 2 2001
Delivered-To: freebsd-security@freebsd.org
Received: from obsecurity.dyndns.org (adsl-63-207-60-132.dsl.lsan03.pacbell.net [63.207.60.132])
	by hub.freebsd.org (Postfix) with ESMTP
	id 062BC37B401; Wed, 11 Jul 2001 15:58:56 -0700 (PDT)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 1ACFD66D72; Wed, 11 Jul 2001 15:58:53 -0700 (PDT)
Date: Wed, 11 Jul 2001 15:58:53 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Dima Dorfman <dima@unixfreak.org>
Cc: Kris Kennaway <kris@obsecurity.org>,
	"Jacques A. Vidrine" <n@nectar.com>,
	Jason DiCioccio <jdicioccio@epylon.com>,
	"'security@freebsd.org'" <security@freebsd.org>, kris@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-01:
Message-ID: <20010711155853.A90157@xor.obsecurity.org>
References: <20010711114459.B86556@xor.obsecurity.org> <20010711224852.B97183E31@bazooka.unixfreak.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="DocE+STaALJfprDB"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010711224852.B97183E31@bazooka.unixfreak.org>; from dima@unixfreak.org on Wed, Jul 11, 2001 at 03:48:52PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--DocE+STaALJfprDB
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Jul 11, 2001 at 03:48:52PM -0700, Dima Dorfman wrote:

> > As was announced several months ago, we are no longer requiring
> > security fixes for locally exploitable vulnerabilities under RELENG_3,
> > only network-exploitable vulnerabilities.
>=20
> Right, I saw the announcement and totally agree with it; you have
> enough work to do as it is.  Does this mean, however, that individual
> developers or contributers can't fix the holes after the advisory?
> I.e., is there any reason why I shouldn't apply the patch to RELENG_3?

Nope; feel free.

Kris

--DocE+STaALJfprDB
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7TNosWry0BWjoQKURAqR5AJoCXMebrAOPEk+8orL7LonQfevToQCeLk7O
Hk/bTzGMIOmmVPZBRQwU57o=
=CAzv
-----END PGP SIGNATURE-----

--DocE+STaALJfprDB--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message