Date: Sat, 25 Jun 2005 13:06:28 +0200 From: Uwe Doering <gemini@geminix.org> To: Richard Coleman <rcoleman@criticalmagic.com> Cc: freebsd-security@freebsd.org Subject: Re: Any status on timestamp vulnerability fix for 4.X? Message-ID: <42BD3AB4.2030209@geminix.org> In-Reply-To: <42BC5054.908@criticalmagic.com> References: <42BC5054.908@criticalmagic.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Richard Coleman wrote: > Any information on when (or if) the following timestamp vulnerability > will be fixed for 4.X? Any information would be appreciated. > > http://www.kb.cert.org/vuls/id/637934 FYI, the fix for RELENG_5 applies to RELENG_4 as is (apart from the CVS version header, of course): http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c.diff?r1=1.252.2.15&r2=1.252.2.16&f=u After verifying its semantic correctness for RELENG_4 we've been running the patch for a couple of weeks now with no ill effects. I'm posting this also as an encouragement for committers to go ahead and do the MFC. It's low hanging fruit. Uwe -- Uwe Doering | EscapeBox - Managed On-Demand UNIX Servers gemini@geminix.org | http://www.escapebox.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42BD3AB4.2030209>