From owner-freebsd-security@FreeBSD.ORG  Mon Jun  1 23:46:57 2015
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 74B83C57
 for <freebsd-security@freebsd.org>; Mon,  1 Jun 2015 23:46:57 +0000 (UTC)
 (envelope-from venture37@gmail.com)
Received: from mail-wi0-x22d.google.com (mail-wi0-x22d.google.com
 [IPv6:2a00:1450:400c:c05::22d])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 201D71067
 for <freebsd-security@freebsd.org>; Mon,  1 Jun 2015 23:46:57 +0000 (UTC)
 (envelope-from venture37@gmail.com)
Received: by wifw1 with SMTP id w1so124234751wif.0
 for <freebsd-security@freebsd.org>; Mon, 01 Jun 2015 16:46:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :content-type; bh=U1kJ7FAQVQt/9LKS7xE/D0P1uRDuvkOE+yO+i5Qu0qk=;
 b=pgU6rh60cxaPL8dBYInE6FuXKf3KIaZd2w/AANtIyPmSOWS1P9W5IisaQZTGqVgvWP
 biyUUBUYUT1hsB1TBEjoeBQFSOXmPXNF9JYCJymoO+jcS+bKxIUGHJjUU0ZjJtpSeUFh
 8uevi3LzCO51+H/O4FeN8vQRz0du15lHuhDJnGYO/33dEGZpj/E47TRUTh8eXAqauGXn
 icc419HmseSpMroVklVl6Tn0x6zFCUE90nQ4r99UBMh3pxcGvaTqNNN+bE11eFkiaLU0
 DXRfgK8a7aPOah0+lEAaSzsjhQhRWW97w9F0ut+/3kDDFyP8iHhRuucMwjLF8YjHkzVV
 AuFQ==
MIME-Version: 1.0
X-Received: by 10.180.92.162 with SMTP id cn2mr25546691wib.26.1433202415388;
 Mon, 01 Jun 2015 16:46:55 -0700 (PDT)
Received: by 10.194.88.165 with HTTP; Mon, 1 Jun 2015 16:46:55 -0700 (PDT)
In-Reply-To: <1430250480.672566.259824585.439C7F0B@webmail.messagingengine.com>
References: <553DF49E.3020502@riseup.net>
 <1430250480.672566.259824585.439C7F0B@webmail.messagingengine.com>
Date: Tue, 2 Jun 2015 00:46:55 +0100
Message-ID: <CA+U3Mf6RvYg3a3+qUHSSPAOf49Q105ZQ--gG3=D+g19pDtFgLw@mail.gmail.com>
Subject: Re: base/release/10.1.0/contrib/file vulnerabilities?
From: "Sevan / Venture37" <venture37@gmail.com>
To: freebsd-security@freebsd.org
Content-Type: text/plain; charset=UTF-8
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jun 2015 23:46:57 -0000

On 28 April 2015 at 20:48, Mark Felder <feld@freebsd.org> wrote:
>
>
> On Mon, Apr 27, 2015, at 03:34, Piotr Kubaj wrote:
>> Hi,
>>
>> I wrote about this vulnerability in January:
>> https://lists.freebsd.org/pipermail/freebsd-security/2015-January/008115.html
>>
>> There were only patches for stable.
>>
>
> There is an open PR as well
>
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198912


Update from delphij@
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198912#c3

Sevan / Venture37