Date: Thu, 29 Nov 2007 21:12:12 +0000 From: Alexey Dokuchaev <danfe@FreeBSD.org> To: "Simon L. Nielsen" <simon@FreeBSD.org> Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/contrib/tar/src misc.c src/sys/dev/random yarrow.c Message-ID: <20071129211212.GA43802@FreeBSD.org> In-Reply-To: <20071129202334.GA1160@zaphod.nitro.dk> References: <200711291608.lATG8s7Q067912@repoman.freebsd.org> <20071129180038.GA598@FreeBSD.org> <20071129202334.GA1160@zaphod.nitro.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Nov 29, 2007 at 09:23:35PM +0100, Simon L. Nielsen wrote: > On 2007.11.29 18:00:38 +0000, Alexey Dokuchaev wrote: > > On Thu, Nov 29, 2007 at 04:08:54PM +0000, Simon L. Nielsen wrote: > > > simon 2007-11-29 16:08:54 UTC > > > > > > FreeBSD src repository > > > > > > Modified files: (Branch: RELENG_5) > > > contrib/tar/src misc.c > > > sys/dev/random yarrow.c > > > Log: > > > Correct a random value disclosure in random(4). [07:09] > > > > > > Correct a gtar directory traversal vulnerability. [07:10] > > > > > > Security: FreeBSD-SA-07:09.random > > > Security: FreeBSD-SA-07:10.gtar > > > > Is 4.x vulnerable? > > For gtar, very likely. Yeah, I've seen jhb@ had fixed it in RELENG_4. > has older random code which isn't affected (at least I seem to recall > it was different).. OK. ./danfe
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071129211212.GA43802>