From owner-freebsd-security Sun Dec 10 20: 2:36 2000 From owner-freebsd-security@FreeBSD.ORG Sun Dec 10 20:02:34 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from citusc.usc.edu (citusc.usc.edu [128.125.38.123]) by hub.freebsd.org (Postfix) with ESMTP id C95C037B400 for ; Sun, 10 Dec 2000 20:02:33 -0800 (PST) Received: (from kris@localhost) by citusc.usc.edu (8.9.3/8.9.3) id UAA22299; Sun, 10 Dec 2000 20:03:40 -0800 Date: Sun, 10 Dec 2000 20:03:40 -0800 From: kris@citusc.usc.edu To: Matt Watson Cc: Roman Shterenzon , freebsd-security@FreeBSD.ORG, cj@vallcom.net Subject: Re: Buffer vulnerability in BitchX irc client Message-ID: <20001210200340.D22065@citusc.usc.edu> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: ; from sideshow@terahertz.net on Sun, Dec 10, 2000 at 11:42:47AM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, Dec 10, 2000 at 11:42:47AM -0600, Matt Watson wrote: > This bug is already known to the bitchx coders and has already been > patched in the CVS. Shortly i will be posting the patches for 75p3 and > 1.0c17 on www.bitchx.org and ftp.bitchx.org as soon as i get my hands on > them. I'm not the maintainers of the port but I do run the bitchx.org > sites, so, should the port be downloading from ftp.bitchx.org there will > be no need to include a special patch in the port. Please don't modify an already released version without changing the version number - it will change the MD5 checksum for a start, so the port will no longer build, and makes more work for port maintainers when they have to go into the distfile and compare it with the old version to find out what changed. Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message