From owner-freebsd-security Fri Oct 6 15: 5:33 2000 Delivered-To: freebsd-security@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 1A4C137B66D for ; Fri, 6 Oct 2000 15:05:32 -0700 (PDT) Received: (from kris@localhost) by citusc17.usc.edu (8.9.3/8.9.3) id PAA00538; Fri, 6 Oct 2000 15:06:07 -0700 (PDT) Date: Fri, 6 Oct 2000 15:06:07 -0700 From: Kris Kennaway To: Fernando Schapachnik Cc: security@FreeBSD.ORG Subject: Re: HERT advisory: FreeBSD IP Spoofing (fwd) Message-ID: <20001006150607.A471@citusc17.usc.edu> References: <200010061212.JAA83234@ns1.via-net-works.net.ar> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200010061212.JAA83234@ns1.via-net-works.net.ar>; from fpscha@ns1.via-net-works.net.ar on Fri, Oct 06, 2000 at 09:12:54AM -0300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, Oct 06, 2000 at 09:12:54AM -0300, Fernando Schapachnik wrote: > Many of you may have read this. > > It states that 4.1 is vulnerable, but doesn't mention 4.1.1. It also > provides URL to patches that are not accesible. Somebody has more > info? This was a fault on my part. I had planned to release advisory 00:52 yesterday and told HERT to go ahead and send theirs out on that day, but then I became enveloped in a little personal maelstrom of issues yesterday and didnt have time to release ours. It's just gone out now. Kris P.S. no-one apparently noticed that the previous advisory we released was numbered 00:53, skipping a number - this was because I had a draft advisory in my local system with duplicate numbers :-) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message