From owner-freebsd-security Mon Nov 25 19:20:42 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id TAA02116 for security-outgoing; Mon, 25 Nov 1996 19:20:42 -0800 (PST) Received: from alpha.xerox.com (alpha.Xerox.COM [13.1.64.93]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id TAA02107; Mon, 25 Nov 1996 19:20:29 -0800 (PST) Received: from crevenia.parc.xerox.com ([13.2.116.11]) by alpha.xerox.com with SMTP id <14495(5)>; Mon, 25 Nov 1996 19:19:56 PST Received: from localhost ([127.0.0.1]) by crevenia.parc.xerox.com with SMTP id <177711>; Mon, 25 Nov 1996 19:19:50 -0800 X-Mailer: exmh version 1.6.7 5/3/96 To: security-officer@freebsd.org cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-96:18.lpr In-reply-to: Your message of "Mon, 25 Nov 1996 14:00:00 PST." <199611252218.XAA11972@gvr.win.tue.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 25 Nov 1996 19:19:39 PST From: Bill Fenner Message-Id: <96Nov25.191950pst.177711@crevenia.parc.xerox.com> Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message <199611252218.XAA11972@gvr.win.tue.nl> security-officer wrote: >Affects: FreeBSD 2.* >Corrected: FreeBSD-current as of 1996/10/27 > FreeBSD-stable as of 1996/11/01 Shouldn't this be something more like Affects: FreeBSD 2.0, 2.0.5, 2.1, 2.1.5 Corrected: FreeBSD-current as of 1996/10/27 FreeBSD-stable as of 1996/11/01 FreeBSD 2.2 and 2.1.6 releases or something? The timing of the advisory and the statement "FreeBSD 2.*" implies that 2.1.6 is affected, while the CVS tree says that the fix was in 2.1.6 . Yes, if you know that 2.1.6 was based on FreeBSD-stable and was released after 1996/11/01, then you can derive the same information, but why not make it explicit? (Especially for the person who is browsing the security advisories next year and comes across this one... "oh, shoot, 2.2 is affected"...) Bill