From owner-freebsd-security  Mon Mar 13  2: 9:24 2000
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
	id A50ED37B558; Mon, 13 Mar 2000 02:09:21 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP
	id A2A9E2E8159; Mon, 13 Mar 2000 02:09:21 -0800 (PST)
	(envelope-from kris@hub.freebsd.org)
Date: Mon, 13 Mar 2000 02:09:21 -0800 (PST)
From: Kris Kennaway <kris@hub.freebsd.org>
To: Justin Stanford <jus@security.za.net>
Cc: freebsd-security@freebsd.org
Subject: Re: IRCII-4.4
In-Reply-To: <Pine.BSF.4.10.10003131117250.58929-100000@security.za.net>
Message-ID: <Pine.BSF.4.21.0003130207390.81551-100000@hub.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 13 Mar 2000, Justin Stanford wrote:

> Hi, folks
> 
> Can anyone confirm the supposed vulnerability in ircII-4.4? Is it necesary
> to upgrade to 4.4M, and have ports got this lined up?
> 
I was a bit too late to get the fixed port in time for 4.0, but Satoshi
did mark it forbidden which is better than shipping an insecure port.

In the meantime, there's an upgrade at:

http:://www.freebsd.org/~kris/ircII.patch

which upgrades to 4.4M

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message