Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 10 Apr 2001 22:23:43 +0200
From:      "Michael Nottebrock" <michaelnottebrock@gmx.net>
To:        "Michael Bryan" <fbsd-secure@ursine.com>, <freebsd-security@freebsd.org>
Subject:   Re: Security Announcements?
Message-ID:  <001d01c0c1fc$23d73680$0508a8c0@lofi.dyndns.org>
References:  <3AD33218.FE8D7ACD@ursine.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
----- Original Message -----
From: "Michael Bryan" <fbsd-secure@ursine.com>
To: <freebsd-security@freebsd.org>
Sent: Tuesday, April 10, 2001 6:17 PM
Subject: Security Announcements?


>
> What's up (or not up) with security announcements these days?
> It's been some time since the NTP vulnerability came to light,
> and many other affected systems/products have made their
> announcements, but nothing official from FreeBSD yet.  Now we
> have an FTP vulnerability hitting the streets too.
>
> [And the published list of advisories jumps from FreeBSD-SA-01:25
> to FreeBSD-SA-01:30, so it looks like 26-29 are in the pipeline?]
> [...]

I agree that there is need for improvement. Let's just see what the
other OS's security people are doing about the recent ftpd-issue:

NetBSD:
ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000
-018.txt.asc
OpenBSD:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/025_glob.patch
FreeBSD: Absolutely nothing, not even an official statement or some
kind of notification anywhere on the website. The fix is apparently
done, but nobody (well, okay, at least my very dumb own self) seems to
know where to get it or how to apply it. Is this due to 4.3-Release
stress? It certainly is starting to irritate people running
4.2-Release.

I really do not want to piss on anybody's legs here, but, there _are_
quite a few sites running FreeBSD ftp-servers, aren't they?

Greetings,

Michael Nottebrock


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001d01c0c1fc$23d73680$0508a8c0>