From owner-freebsd-security  Wed Jun 26 12:58:24 2002
Delivered-To: freebsd-security@freebsd.org
Received: from cvs.openbsd.org (cvs.openbsd.org [199.185.137.3])
	by hub.freebsd.org (Postfix) with ESMTP id 2425A37C136
	for <freebsd-security@freebsd.org>; Wed, 26 Jun 2002 12:20:10 -0700 (PDT)
Received: from cvs.openbsd.org (deraadt@localhost [127.0.0.1])
	by cvs.openbsd.org (8.12.4/8.12.1) with ESMTP id g5QJJLLI018466;
	Wed, 26 Jun 2002 13:19:21 -0600 (MDT)
Message-Id: <200206261919.g5QJJLLI018466@cvs.openbsd.org>
To: Benjamin Krueger <benjamin@seattleFenix.net>
Cc: Travis Cole <kelp@plek.org>, freebsd-security@freebsd.org
Subject: Re: Wow 
In-reply-to: Your message of "Wed, 26 Jun 2002 12:17:54 PDT."
             <20020626121754.F8071@mail.seattleFenix.net> 
Date: Wed, 26 Jun 2002 13:19:21 -0600
From: Theo de Raadt <deraadt@cvs.openbsd.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> * Theo de Raadt (deraadt@cvs.openbsd.org) [020626 12:02]:
> > > On Wed, Jun 26, 2002 at 11:41:03AM -0600, Theo de Raadt wrote:
> > > > Man, you guys sure do talk shit a lot.  But anyways, that is hardly
> > > > surprising or news.
> > > > 
> > > > I do have a question though.
> > > > 
> > > > Did any of you get broken in via this hole yet?
> > > 
> > > Nope.  Just wasted a good part of yesterday upgrading 60 boxes
> > > from a non-vulnerable version of OpenSSH to a version with a now
> > > known remote exploit.
> > > 
> > > I think the PR for this issue could have been a bit better...
> > 
> > We also did 5600 lines of further security auditing work over the last
> > week.  We're fairly convinced that some of the things we changed are
> > relevant as well.  ie.  more holes.
> > 
> > And that is commited in 3.4
> 
> Theo,
> 
>   When will we see an advisory and/or patches for older versions regarding
> the other holes that you have uncovered?

You won't.

I've barely slept in a week.

So many of you are being totally unreasonable people.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message