From owner-freebsd-security Tue Jul 2 18: 9:32 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E60FC37B400 for ; Tue, 2 Jul 2002 18:09:30 -0700 (PDT) Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 84C3E43E09 for ; Tue, 2 Jul 2002 18:09:30 -0700 (PDT) (envelope-from dillon@apollo.backplane.com) Received: from apollo.backplane.com (localhost [127.0.0.1]) by apollo.backplane.com (8.12.4/8.12.3) with ESMTP id g6319UT4008966; Tue, 2 Jul 2002 18:09:30 -0700 (PDT) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.12.4/8.12.3/Submit) id g6319Ufb008965; Tue, 2 Jul 2002 18:09:30 -0700 (PDT) (envelope-from dillon) Date: Tue, 2 Jul 2002 18:09:30 -0700 (PDT) From: Matthew Dillon Message-Id: <200207030109.g6319Ufb008965@apollo.backplane.com> To: Dag-Erling Smorgrav Cc: "Peter Brezny" , Subject: Re: CERT Advisory CA-2002-18 OpenSSH Vulnerabilities in Challenge Response References: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Since were on the subject of vulnerabilities, I am massively confused over the reported BIND/NAMED vulnerability. My question is simple: Is the named in -stable currently vulnerable or has it been fixed? I know the port is fixed. What about the named sitting in -stable? Thanks, -Matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message