From owner-freebsd-questions@FreeBSD.ORG  Fri Oct  1 21:23:23 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 78C551065675
	for <freebsd-questions@freebsd.org>;
	Fri,  1 Oct 2010 21:23:23 +0000 (UTC)
	(envelope-from bruce@cran.org.uk)
Received: from muon.cran.org.uk (unknown [IPv6:2a01:348:0:15:5d59:5c40:0:1])
	by mx1.freebsd.org (Postfix) with ESMTP id 0D73F8FC1A
	for <freebsd-questions@freebsd.org>;
	Fri,  1 Oct 2010 21:23:23 +0000 (UTC)
Received: from muon.cran.org.uk (localhost [127.0.0.1])
	by muon.cran.org.uk (Postfix) with ESMTP id B8C7FE615F;
	Fri,  1 Oct 2010 22:23:21 +0100 (BST)
Received: from unknown (client-82-31-11-222.midd.adsl.virginmedia.com
	[82.31.11.222])
	(using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
	(No client certificate requested)
	by muon.cran.org.uk (Postfix) with ESMTPSA;
	Fri,  1 Oct 2010 22:23:20 +0100 (BST)
Date: Fri, 1 Oct 2010 22:23:16 +0100
From: Bruce Cran <bruce@cran.org.uk>
To: Jason <jhelfman@e-e.com>
Message-ID: <20101001222316.00004e8c@unknown>
In-Reply-To: <20101001210014.GD86640@eggman.experts-exchange.com>
References: <20101001121332.5b04fa61@scorpio>
	<20101001171420.GE40148@dan.emsphone.com>
	<20101001165940.5d0e73f5@scorpio>
	<20101001210014.GD86640@eggman.experts-exchange.com>
X-Mailer: Claws Mail 3.7.6 (GTK+ 2.16.6; i586-pc-mingw32msvc)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: FreeBSD <freebsd-questions@freebsd.org>, Jerry <freebsd.user@seibercom.net>
Subject: Re: Updating bzip2 to remove potential security vulnerability
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Oct 2010 21:23:23 -0000

On Fri, 1 Oct 2010 14:00:16 -0700
Jason <jhelfman@e-e.com> wrote:

> On Fri, Oct 01, 2010 at 04:59:40PM -0400, Jerry thus spake:
> >On Fri, 1 Oct 2010 12:14:20 -0500
> >Dan Nelson <dnelson@allantgroup.com> articulated:
> >
> >> You must have missed
> >> http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc ;
> >> patches for 6, 7, and 8 are available there, and freebsd-update has
> >> fixed binaries if you use that.
> >
> >Never saw it. So I am assuming that simply using something like:
> >
> >csup -L2 -h cvsup.FreeBSD.org
> >"/usr/src/share/examples/cvsup/standard-supfile"
> >
> >Then rebuild Kernel & World is not going to work. Is that correct?
> 
> The update instructions are in the announcement. Here is a snippet
> from it:

Or yes, you can just update to the latest sources via csup - it's been
fixed in all supported security branches as well as HEAD (see
http://svn.freebsd.org/viewvc/base/releng/8.1/UPDATING?view=log for
example).

-- 
Bruce Cran