From owner-freebsd-security  Wed Oct  4 10:21:45 2000
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP id 8031B37B503
	for <freebsd-security@FreeBSD.ORG>; Wed,  4 Oct 2000 10:21:43 -0700 (PDT)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.11.0/8.11.0) with ESMTP id e94HLeM16318;
	Wed, 4 Oct 2000 11:21:40 -0600 (MDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id LAA37650; Wed, 4 Oct 2000 11:21:40 -0600 (MDT)
Message-Id: <200010041721.LAA37650@harmony.village.org>
To: Mike Silbersack <silby@silby.com>
Subject: Re: Fwd: BSD chpass 
Cc: Matt Heckaman <matt@ARPA.MAIL.NET>,
	Mike Tancsa <mike@sentex.net>, freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Wed, 04 Oct 2000 00:24:19 CDT."
		<Pine.BSF.4.21.0010040022390.35602-100000@achilles.silby.com> 
References: <Pine.BSF.4.21.0010040022390.35602-100000@achilles.silby.com>  
Date: Wed, 04 Oct 2000 11:21:40 -0600
From: Warner Losh <imp@village.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <Pine.BSF.4.21.0010040022390.35602-100000@achilles.silby.com> Mike Silbersack writes:
: Unless the nsswitch changes fixed it, 4.1.1 should still be vulnerable -
: there are no messages in the cvs logs for chpass indicating any
: security-related changes recently.  (For both FreeBSD and OpenBSD.)

No.  Kris' sweep of the tree on July 12th for format problems fixed
it.  Ditto with Millert's sweep of the tree on or about June 30th for
OpenBSD.

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message