From owner-freebsd-bugs  Tue Apr  2 22:57:01 1996
Return-Path: owner-bugs
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id WAA26435
          for bugs-outgoing; Tue, 2 Apr 1996 22:57:01 -0800 (PST)
Received: from irz301.inf.tu-dresden.de (irz301.inf.tu-dresden.de [141.76.1.11])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id WAA25775
          for <freebsd-bugs@FreeBSD.org>; Tue, 2 Apr 1996 22:53:14 -0800 (PST)
Received: from sax.sax.de by irz301.inf.tu-dresden.de (8.6.12/8.6.12-s1) with ESMTP id IAA06625 for <freebsd-bugs@FreeBSD.org>; Wed, 3 Apr 1996 08:52:33 +0200
Received: by sax.sax.de (8.6.11/8.6.12-s1) with UUCP
	id IAA09813; Wed, 3 Apr 1996 08:51:01 +0200
Received: (from j@localhost) by uriah.heep.sax.de (8.7.4/8.6.9) id IAA14909; Wed, 3 Apr 1996 08:36:23 +0200 (MET DST)
From: J Wunsch <j@uriah.heep.sax.de>
Message-Id: <199604030636.IAA14909@uriah.heep.sax.de>
Subject: Re: BUGS and PATCHES list !
To: freebsd-bugs@FreeBSD.org (FreeBSD bugs list)
Date: Wed, 3 Apr 1996 08:36:22 +0200 (MET DST)
Cc: e9203125@linf.unb.br (Alex Carlos Braga Ant\co)
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
In-Reply-To: <3161AF0F.17C@linf.unb.br> from "Alex Carlos Braga Ant\co" at Apr 2, 96 07:49:51 pm
X-Phone: +49-351-2012 669
X-Mailer: ELM [version 2.4 PL24 ME8a]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-bugs@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

As Alex Carlos Braga Ant\co wrote:

>   How and where may I find a list of BUGS and patches to these bugs 
> already found on FreeBSD ? Especialy related to security.

Well, if there were a BUGS list, perhaps they would already have been
fixed. :-)

There's the GNATS database that tracks the submissions of problem
reports, including the notions of applied fixes.  I might be wrong,
but i don't think there are any reported and still open security-
related bugs in it.

Non-detected bugs are quite another matter, of course. :)

I think the most prominent security-related bug fixes have been the
``telnet bug'' (telnetd imported random environmental variables,
including the LD_* that affect the behaviour of the run-time loader),
and the infamous ``syslog bug'' (syslog(3) could trash its stack).
The fixes for both are in the latest official release, FreeBSD-2.1R.

We normally don't have the resources to provide you with two dozen
cryptically numbered ``bug fix tapes'' however...

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)