From owner-freebsd-current Wed Nov 20 10:17:41 2002 Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 453AB37B401 for ; Wed, 20 Nov 2002 10:17:40 -0800 (PST) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8C6C743E91 for ; Wed, 20 Nov 2002 10:17:39 -0800 (PST) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.12.6/8.12.5) with SMTP id gAKIHbBF050426; Wed, 20 Nov 2002 13:17:37 -0500 (EST) (envelope-from robert@fledge.watson.org) Date: Wed, 20 Nov 2002 13:17:36 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org To: Steve Kargl Cc: freebsd-current@freebsd.org Subject: Re: NetBSD ftpd security advisory In-Reply-To: <20021120175605.GA31453@troutmask.apl.washington.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, 20 Nov 2002, Steve Kargl wrote: > NetBSD.org has a security advisory about potential problems with their > ftpd. If this is part of lukemftp, then the issue of removing/updating > lukemftp needs to be addressed for FreeBSD 5.0 RELEASE. > > ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-027.txt.asc Lukemftpd's build and install has been unplugged from the 5.0-CURRENT and 4.x-STABLE branches, so other than the fact that we ship the source, it's somewhat addressed. Mail has been sent to the security-officer, so hopefully we'll know soon whether the lukemftpd shipped with 4.7 was vulnerable. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message