Date: Wed, 1 Dec 1999 11:08:32 -0800
From: Bill Swingle <unfurl@dub.net>
To: Wes Peters <wes@softweyr.com>
Subject: Re: [btellier@USA.NET: Several FreeBSD-3.3 vulnerabilities]
Message-ID: <19991201110832.A74323@dub.net>
In-Reply-To: <38456ED0.D25139C7@softweyr.com>
References: <19991201093242.A71817@dub.net> <38456ED0.D25139C7@softweyr.com>

On Wed, Dec 01, 1999 at 11:54:08AM -0700, Wes Peters wrote:
> Bill Swingle wrote:
> >
> > Ok, so I know these are all vulnerabilities in third party software, and
> > that the actual problem with each program is not really ours to fix but
> > each of these problems can be avoided with small changes to the
> > respective ports.
> >
> > FreeBSD vulnerabilities are few and far between, and even fewer are
> > published on Bugtraq. Having something as simple as this get past us is
> > really embarrassing. It says to the security community at large that
> > we're not even concerned enough with security to fix these small holes.
> > We all know that's not true.
> >
> > I'm not sure who dropped the ball here, and I'm not pointing fingers. I
> > just hope that we can pull together in the future to avoid more of this.
>
> Before we go hopping around yammering about "not caring about security" or
> "dropping the ball" it might be effective to ask "has anyone ever reported
> these problems before?" *I* haven't seen any of them reported, and I've
> been on this mail list for 3 or 4 years.

Wes, the post to bugtraq indicated that they had notified whoever is in
charge of security. If you take a look at the page that's linked off the
"Security" link at www.freebsd.org it specifically states that bug reports
should be sent to security-officer@freebsd.org. This would be why you've
not seen reports of these things here.

I don't want to just whine about this. I'd really like to see this process
improved. How can we help the team of ppl behind the security-officer
address? Is there anything that I/we can do?

-Bill

--
-=| --- B i l l S w i n g l e --- http://www.dub.net/
-=| unfurl@dub.net - unfurl@freebsd.org - bill@cdrom.com
-=| Different all twisty a of in maze are you, passages little

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message