From owner-freebsd-security@FreeBSD.ORG  Tue Apr 28 19:48:09 2015
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id AD2F733E
 for <freebsd-security@freebsd.org>; Tue, 28 Apr 2015 19:48:09 +0000 (UTC)
Received: from new1-smtp.messagingengine.com (new1-smtp.messagingengine.com
 [66.111.4.221])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 831D91DF6
 for <freebsd-security@freebsd.org>; Tue, 28 Apr 2015 19:48:09 +0000 (UTC)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
 by mailnew.nyi.internal (Postfix) with ESMTP id ED824593
 for <freebsd-security@freebsd.org>; Tue, 28 Apr 2015 15:48:00 -0400 (EDT)
Received: from web3 ([10.202.2.213])
 by compute3.internal (MEProxy); Tue, 28 Apr 2015 15:48:00 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
 messagingengine.com; h=content-transfer-encoding:content-type
 :date:from:in-reply-to:message-id:mime-version:references
 :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=uov4/EYxRxGPRqt
 pJLy8iD0cmU0=; b=hnglE9k4ItSlLSsXO5hC3mWECSXqpbrPsq/BPit4O0piZk4
 lAJJX0rFnzr2XpuXZMzg61DKfrq5fWB5xqa9USqrUdTG4uvTgKVPztmG6ggKxo73
 dYdakkCNMp7KgkMAPZ6PK6AvQD6/YJYroloJSH/LnoXGc2gubXDJINzZwVvY=
Received: by web3.nyi.internal (Postfix, from userid 99)
 id A70A2103D35; Tue, 28 Apr 2015 15:48:00 -0400 (EDT)
Message-Id: <1430250480.672566.259824585.439C7F0B@webmail.messagingengine.com>
X-Sasl-Enc: fqeLnsV0+lbbMQC6+rnHzbmNiqndwEQ+KNfBE+HNTmUu 1430250480
From: Mark Felder <feld@FreeBSD.org>
To: freebsd-security@freebsd.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain
X-Mailer: MessagingEngine.com Webmail Interface - ajax-049af6e1
Subject: Re: base/release/10.1.0/contrib/file vulnerabilities?
Date: Tue, 28 Apr 2015 14:48:00 -0500
In-Reply-To: <553DF49E.3020502@riseup.net>
References: <553DF49E.3020502@riseup.net>
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Apr 2015 19:48:09 -0000



On Mon, Apr 27, 2015, at 03:34, Piotr Kubaj wrote:
> Hi,
> 
> I wrote about this vulnerability in January:
> https://lists.freebsd.org/pipermail/freebsd-security/2015-January/008115.html
> 
> There were only patches for stable.
> 

There is an open PR as well

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198912