Date: Mon, 18 Mar 2002 12:24:57 -0800 From: "Bruce A. Mah" <bmah@FreeBSD.ORG> To: "Jacques A. Vidrine" <nectar@FreeBSD.ORG> Cc: "Bruce A. Mah" <bmah@FreeBSD.ORG>, Udo Erdelhoff <ue@nathan.ruhr.de>, freebsd-doc@FreeBSD.ORG, security-officer@FreeBSD.ORG Subject: Re: cvs commit: src/release/doc/en_US.ISO8859-1/relnotes/common new.sgml Message-ID: <200203182024.g2IKOw133215@bmah.dyndns.org> In-Reply-To: <20020317231953.GD36506@hellblazer.nectar.cc> References: <200203090112.g291C4A36851@freefall.freebsd.org> <20020310191230.E89278@nathan.ruhr.de> <200203131650.g2DGoWr36860@bmah.dyndns.org> <20020317231953.GD36506@hellblazer.nectar.cc>
next in thread | previous in thread | raw e-mail | index | archive | help
If memory serves me right, "Jacques A. Vidrine" wrote: > On Wed, Mar 13, 2002 at 08:50:32AM -0800, Bruce A. Mah wrote: > > If memory serves me right, Udo Erdelhoff wrote: > > > but I think this part should be clearer. According to the advisories > > > I have read, a 'bad' server can abuse the client. My suggestion > > > is to replace this part with "or allowed a malicous SSH server to > > > execute arbitrary code on the client system with the privileges of > > > the client user". > > > > Sorry for the delay. You're probably right here...any comments from the > > security officer team? > > I think Udo's suggestion would indeed be clearer. Great. I'll commit this. > On the other hand, summarizing security advisories can be tricky > business. You might want to consider in the future just saying, ``Foo > was b0rken. See FreeBSD-SA-02:NN.foo'' or some such to save yourself > the trouble. It's not troublesome...usually I get it right but for a variety of reasons I was sloppy on SA-02:13. Thanks, Bruce. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200203182024.g2IKOw133215>