From: "Jonathan M. Slivko"
To: "Igor Roshchin"
Subject: Re: advisory suggestion
Date: Sat, 30 Sep 2000 22:25:38 -0400

I totally agree on that point.

----------------------------------------------------------------------------
Jonathan M. Slivko, President & Founder - Linux Mafia Internet Services
Phone: (212) 663-1109 - Pager: (917) 388-5304 (24/7)
Webpage: http://www.linux-mafia.net -- "In FreeBSD We Trust!"
AIM SN: OptixNYC -- Network Solutions Handle: JSR730
----------------------------------------------------------------------------

----- Original Message -----
From: "Igor Roshchin"
To:
Sent: Saturday, September 30, 2000 10:12 PM
Subject: advisory suggestion

>
> I remember there was a discussion 1-2 years ago,
> on how to state in advisories which versions of FreeBSD are vulnerable.
> Unfortunately I don't remember what was the final consensus,
> but may I make a suggestion based on the recent advisory?
>
> Sometimes, it is difficult to recall when a particular release was
> rolled out.
> So, say, if I have a box running 3.5.1 - and I start
> thinking if that one is affected, I'd have to go to an ftp server
> and check the dates of the release, which makes it not very convenient.
> Well, 4.1.1 is out just a few days ago, so it is easier to recall that date,
> but if another advisory would come out a month from now, and would have
> the fix date of September 30, I wouldn't remember if it was before
> or after 4.1.1 was out.
> Otherwise, I think the current format is very clear.
>
> So, my suggestion is:
> when there are additional releases in N.K-STABLE (or N.K-CURRENT) branch
> (or to be more exact the particular N.K version of the branch)
> besides N.K-RELEASE (such as N.K.1-RELEASE), it would be nice
> to have a clause in there:
>
> Affects: FreeBSD.....
> ... including 3.5.1-RELEASE
>
> Corrected: ....
> (including 4.1.1-RELEASE [and later])
>
> Regards,
>
> Igor
>
>
> > From: FreeBSD Security Advisories
> > To: FreeBSD Security Advisories
> > Subject: FreeBSD Security Advisory: FreeBSD-SA-00:53.catopen
> > Date: Wed, 27 Sep 2000 17:48:35 -0700 (PDT)
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > =============================================================================
> > FreeBSD-SA-00:53                                           Security Advisory
> >                                                                FreeBSD, Inc.
> >
> > Topic:          catopen() may pose security risk for third party code
> >
> > Category:       core
> > Module:         libc
> > Announced:      2000-09-27
> > Affects:        FreeBSD 5.0-CURRENT, 4.x and 3.x prior to the correction date.
> > Corrected:      Problem 1: 2000-08-06 (FreeBSD 5.0-CURRENT)
> >                            2000-08-22 (FreeBSD 4.1-STABLE)
> >                            2000-09-07 (FreeBSD 3.5-STABLE)
> >                 Problem 2: 2000-09-08 (FreeBSD 5.0-CURRENT, 4.1-STABLE and
> >                            3.5-STABLE)
> <..>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message