Date: Wed, 28 Jan 2015 11:49:48 +0100
From: Fabian Keil
To: freebsd-security@freebsd.org
Subject: Re: svn commit: r277806 - head/sys/dev/vt
Message-ID: <693b2987.2b23d5b0@fabiankeil.de>

Pawel Biernacki wrote:

> I found a very worrying statement in that document:
>
> "2015-01-27: FreeBSD informs us that after going through their mail archive
> they found out that the same issue was reported by Google and that they
> missed it."
>
> How many other such mails were missed?

I can't answer this question, but I reported a couple of ggated issues
(DoS, non-critical memory disclosure) in December:

2014-12-09: Initial notification sent with potential patches.
2014-12-18: The mail was acknowledged and additional information requested.
2014-12-19: A more verbose description of the issue was sent as requested.
2015-01-15: I asked for a status update, preferably before FOSDEM.

I haven't heard back yet and don't know when the issues will be addressed.

Fabian