From owner-cvs-all  Sat Nov 25 13:23: 0 2000
Delivered-To: cvs-all@freebsd.org
Received: from relay.nuxi.com (nuxi.cs.ucdavis.edu [169.237.7.38])
	by hub.freebsd.org (Postfix) with ESMTP
	id D066437B479; Sat, 25 Nov 2000 13:22:56 -0800 (PST)
Received: from dragon.nuxi.com (root@trang.nuxi.com [209.152.133.57])
	by relay.nuxi.com (8.9.3/8.9.3) with ESMTP id NAA56468;
	Sat, 25 Nov 2000 13:22:56 -0800 (PST)
	(envelope-from obrien@NUXI.com)
Received: (from obrien@localhost)
	by dragon.nuxi.com (8.11.1/8.11.1) id eAPLMtB02385;
	Sat, 25 Nov 2000 13:22:55 -0800 (PST)
	(envelope-from obrien)
Date: Sat, 25 Nov 2000 13:22:49 -0800
From: "David O'Brien" <obrien@FreeBSD.org>
To: "Brian F. Feldman" <green@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.sbin/inetd builtins.c
Message-ID: <20001125132249.A2361@dragon.nuxi.com>
Reply-To: obrien@FreeBSD.org
References: <bright@wintelcom.net> <200011251415.eAPEFL566372@green.dyndns.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200011251415.eAPEFL566372@green.dyndns.org>; from green@FreeBSD.org on Sat, Nov 25, 2000 at 09:15:21AM -0500
X-Operating-System: FreeBSD 5.0-CURRENT
Organization: The NUXI BSD group
X-Pgp-Rsa-Fingerprint: B7 4D 3E E9 11 39 5F A3  90 76 5D 69 58 D9 98 7A
X-Pgp-Rsa-Keyid: 1024/34F9F9D5
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, Nov 25, 2000 at 09:15:21AM -0500, Brian F. Feldman wrote:
> > What's going on here?  And why was it MFC'd already?
> 
> It can expose up to 16 bytes of wheel-readable data.  That's bad!

That's not such a bad vulnerability that you shouldn't have waited at
least 1-2 days for this to sit in -CURRENT to give people a chance to
comment.

-- 
-- David  (obrien@FreeBSD.org)
          GNU is Not Unix / Linux Is Not UniX


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message