Date: Tue, 10 Apr 2001 11:19:33 -0600
From: Brett Glass <brett@lariat.org>
To: Walter Hop <walter@binity.com>
Cc: freebsd-security@freebsd.org
Subject: Re: Will fixes for these FTP holes be MFC'ed in before release?
Message-ID: <4.3.2.7.2.20010410111026.045afcc0@localhost>
In-Reply-To: <15983947780.20010410185428@binity.com>
References: <4.3.2.7.2.20010410102556.04595560@localhost> <4.3.2.7.2.20010410102556.04595560@localhost>

At 10:54 AM 4/10/2001, Walter Hop wrote:

>Yes. http://www.cert.org/advisories/CA-2001-07.html says,
>
>"FreeBSD, Inc.
>
>   FreeBSD is vulnerable to the glob-related bugs. We have corrected
>   these bugs in FreeBSD 5.0-CURRENT and FreeBSD 4.2-STABLE, and they
>   will not be present in FreeBSD 4.3-RELEASE."

I did notice this. However, when I look back at the CVS repository,
I see that the most recently changed file is popen.c, which was
changed 3 weeks ago. The change was related to globbing, but doesn't
seem to cover all of the routines mentioned in

http://www.pgp.com/research/covert/advisories/048.asp

All of the other mods are significantly older. So it probably pays to
double-check and make sure that there are not still holes.

--Brett