From owner-freebsd-ports Thu May 18 0:27:31 2000 Delivered-To: freebsd-ports@freebsd.org Received: from blues.jpj.net (blues.jpj.net [204.97.17.146]) by hub.freebsd.org (Postfix) with ESMTP id 66A5837B5B3; Thu, 18 May 2000 00:27:25 -0700 (PDT) (envelope-from trevor@jpj.net) Received: from localhost (trevor@localhost) by blues.jpj.net (right/backatcha) with ESMTP id e4I7RC412940; Thu, 18 May 2000 03:27:13 -0400 (EDT) Date: Thu, 18 May 2000 03:27:12 -0400 (EDT) From: Trevor Johnson To: Gregory Bond Cc: ports@FreeBSD.ORG, FreeBSD Security Officer Subject: Re: Netscape47 ports outdated In-Reply-To: <200005162350.JAA21942@lightning.itga.com.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 17 May 2000, Gregory Bond wrote: > The Makefiles for the Netscape47 ports are still looking for 4.72, but the > version available from netscape.com is 4.73. Some of the ports have been updated, and updates have been submitted for others. There is a CERT advisory (CA-2000-05, "Netscape Navigator Improperly Validates SSL Sessions") at http://www.cert.org/advisories/CA-2000-05.html . It says "Systems running Netscape Navigator 4.72, 4.61, and 4.07 [are affected]. Other versions less than 4.72 are likely to be affected as well." The problem is also described at http://home.netscape.com/security/notes/index.html . According to both, version 4.73 is not vulnerable. I suggest that: - updates to the Netscape 4.7 ports receive priority - the FreeBSD security officer issue an alert -- Trevor Johnson http://jpj.net/~trevor/gpgkey.txt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message