From owner-freebsd-questions  Mon Aug 13 23:29:28 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from obsecurity.dyndns.org (adsl-64-169-104-252.dsl.lsan03.pacbell.net [64.169.104.252])
	by hub.freebsd.org (Postfix) with ESMTP id 53FAD37B407
	for <freebsd-questions@FreeBSD.ORG>; Mon, 13 Aug 2001 23:29:23 -0700 (PDT)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id B59CC66F68; Mon, 13 Aug 2001 23:29:22 -0700 (PDT)
Date: Mon, 13 Aug 2001 23:29:22 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: William Nunn <yorkie123@hotmail.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Remotely Exploitable telnetd bug
Message-ID: <20010813232922.A35008@xor.obsecurity.org>
References: <OE20Sx9x7BEH3PaydnL0000c0db@hotmail.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="uAKRQypu60I7Lcqm"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <OE20Sx9x7BEH3PaydnL0000c0db@hotmail.com>; from yorkie123@hotmail.com on Tue, Aug 14, 2001 at 06:48:25AM +0100
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


--uAKRQypu60I7Lcqm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Tue, Aug 14, 2001 at 06:48:25AM +0100, William Nunn wrote:

> I'm planning on buying freebsd, but I saw the news about the bug on
> the site. As of today Aug 14th, If I buy a new jewel case or boxed
> distribution, will it include that security flaw. I know there is a
> patch for it, but I'm interested to know if i'm spared of it.

No, the CDs haven't been reissued.  The next release (4.4) will have
the vulnerability fixed.  It's due out in a few weeks (CDs sometime
later depending on the distributor).

Kris

--uAKRQypu60I7Lcqm
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7eMVCWry0BWjoQKURAkDmAKDeF/0yMXyITfOARbeiAfvuji1NQQCffK7G
L9rUHVYmsLMPTKPbQS9fj7Q=
=HV+h
-----END PGP SIGNATURE-----

--uAKRQypu60I7Lcqm--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message