Date: Mon, 27 Aug 2001 16:48:05 -0400 (EDT)
From: Igor Roshchin <str@giganda.komkon.org>
To: n@nectar.com (Jacques A. Vidrine)
Cc: freebsd-security@FreeBSD.ORG, security-officer@FreeBSD.ORG
Subject: Re: procmail, squid: any takers?
Message-ID: <200108272048.f7RKm5k67160@giganda.komkon.org>
In-Reply-To: <20010827081503.F70454@madman.nectar.com> from "Jacques A. Vidrine" at Aug 27, 2001 08:15:03 AM
>
> On Mon, Aug 27, 2001 at 05:06:45PM +0400, Nickolay A.Kritsky wrote:
> > I am not sure that I understood you correctly. Do you mean that squid
> > and procmail ports have some unpatched bugs?
>
> Oops, I brain-o'd the To: line.
>
> No, the squid and procmail had bugs that have been patched, but for
> which we have not yet issued advisories.
>
> Sorry for the confusion,
> --
> Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org
>

Disclaimer: I am not trying to bash anybody here, and I might not have
all information available.

Upon a quick look at
ftp.freebsd.org/pub/FreeBSD/branches/-current/ports/mail/procmail
it appears that the last changes to procmail were done on Jun 30
(It looks like the version of the procmail was updated).
So, if according to Jacques, some bug was recently patched, it was probably
done by the authors of procmail.
(As a matter of fact, procmail does list those fixes at
http://www.procmail.org/ and
http://www.procmail.org/procmail.HISTORY.html )

I was not able to find any FreeBSD advisory issued on that part.
It seems to be a rather long delay for an advisory, especially the one
for the problem fixed by the vendor.
(I admit, I am not sure how serious/exploitable this problem is)

I am not sure about squid port, there are too many variations of that port,
and in any case, I don't think researching that makes any sense.

The main point is that with the trust of the FreeBSD users to the
FreeBSD core-team and security-officer(s) in particular, developed
over the years of great work of FreeBSD team, people rely
[well, maybe sometimes somewhat reluctantly] on the FreeBSD advisories,
and their timely appearance.

Regards,

Igor