From owner-freebsd-security Wed Oct 4 10:19:23 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id DFBD137B502 for ; Wed, 4 Oct 2000 10:19:18 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.0/8.11.0) with ESMTP id e94HJGM16297; Wed, 4 Oct 2000 11:19:17 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id LAA37604; Wed, 4 Oct 2000 11:19:16 -0600 (MDT) Message-Id: <200010041719.LAA37604@harmony.village.org> To: Mike Tancsa Subject: Re: Fwd: BSD chpass Cc: freebsd-security@FreeBSD.ORG In-reply-to: Your message of "Wed, 04 Oct 2000 01:12:59 EDT." <4.2.2.20001004011210.035225e0@mail.sentex.net> References: <4.2.2.20001004011210.035225e0@mail.sentex.net> Date: Wed, 04 Oct 2000 11:19:16 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <4.2.2.20001004011210.035225e0@mail.sentex.net> Mike Tancsa writes: : OK, here is a nasty bugtraq posting :-( There will be an advisory about this, but the short answer is: o 1.x is NOT vulnerable o 2.x, and 3.x through 3.5.1-RELEASE and 4.0-RELEASE are vulnerable o 4.1-RELEASE and 4.1.1-RELEASE are NOT vulnerable o 2.1.x-stable, 2.2.8-stable and 3.5.1-stable have been fixed as of 8 hours ago. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message