From owner-freebsd-security Thu Mar 13 4:51:39 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CC5DA37B404; Thu, 13 Mar 2003 04:51:36 -0800 (PST) Received: from smtp1.sentex.ca (smtp1.sentex.ca [199.212.134.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 149D243FD7; Thu, 13 Mar 2003 04:51:36 -0800 (PST) (envelope-from mike@sentex.net) Received: from house.sentex.net (cage.simianscience.com [64.7.134.1]) by smtp1.sentex.ca (8.12.8/8.12.6) with ESMTP id h2DCpa8X059414; Thu, 13 Mar 2003 07:51:36 -0500 (EST) (envelope-from mike@sentex.net) Message-Id: <5.2.0.9.0.20030313074828.07290af0@192.168.0.12> X-Sender: mdtancsa@192.168.0.12 X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9 Date: Thu, 13 Mar 2003 07:49:31 -0500 To: obrien@FreeBSD.ORG From: Mike Tancsa Subject: MFC of file security fix ? (was Re: Prov. patch for the file hole ISS disclosed) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <20030311181452.GA59655@dragon.nuxi.com> References: <20030311174126.GA57179@madman.celabo.org> <200303061415.h26EFlhD004317@device.dyndns.org> <200303061415.h26EFlhD004317@device.dyndns.org> <5.2.0.9.2.20030311113159.0386fea0@localhost> <20030311174126.GA57179@madman.celabo.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, Is there still a plan to MFC this to RELENG_4 ? ---Mike At 10:14 AM 3/11/2003 -0800, David O'Brien wrote: >On Tue, Mar 11, 2003 at 11:41:27AM -0600, Jacques A. Vidrine wrote: > > On Tue, Mar 11, 2003 at 11:34:40AM -0600, Christopher Schulte wrote: > > > At 09:41 AM 3/6/2003 -0600, Jacques A. Vidrine wrote: > > > >Thanks! However, this has already been fixed in -CURRENT (by import > > > >of FILE 3.41). I do not know whether or not David plans to MFC in > > > >time for 4.8-RELEASE. > > > > > > I think this should be merged into the security branches, > > > due to possible remote exploit by third party programs that > > > use file, such as (at the very least) amavis. > > > > I tend to agree. > > > > David? > >Up to you. I'm going to do an MFC for 4.8. I am not very well setup to >test the security branches. Do you want me to just MFC exactly what I >committed to 5-CURRENT to the 5_0 branch (it should Just Work). Same for >the 4_7 branch. > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message