From owner-freebsd-security-notifications Mon Apr 23 20:55:50 2001 Delivered-To: freebsd-security-notifications@freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id B970537B423; Mon, 23 Apr 2001 20:55:47 -0700 (PDT) (envelope-from security-advisories@FreeBSD.org) Received: (from jedgar@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f3O3tlm46212; Mon, 23 Apr 2001 20:55:47 -0700 (PDT) (envelope-from security-advisories@FreeBSD.org) Date: Mon, 23 Apr 2001 20:55:47 -0700 (PDT) Message-Id: <200104240355.f3O3tlm46212@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: jedgar set sender to security-advisories@FreeBSD.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-01:34.hylafax Sender: owner-freebsd-security-notifications@FreeBSD.ORG Precedence: bulk Reply-To: postmaster@freebsd.org X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:34 Security Advisory FreeBSD, Inc. Topic: hylafax contains local compromise Category: ports Module: hylafax Announced: 2001-04-23 Credits: Marcin Dawcewicz Affects: Ports collection prior to the correction date. Corrected: 2001-04-17 Vendor status: Updated version released FreeBSD only: NO I. Background HylaFAX is a facsimile system for UNIX systems. II. Problem Description The hylafax port, versions prior to hylafax-4.1.b2_2, contains a format string bug in the hfaxd program. A local user may execute the hfaxd program with command-line arguments containing format string characters, potentially gaining root privileges on the local system. The hylafax port is not installed by default, nor is it "part of FreeBSD" as such: it is part of the FreeBSD ports collection, which contains over 5000 third-party applications in a ready-to-install format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 contain this problem since it was discovered after the releases. The ports collection that shipped with FreeBSD 4.3 is not vulnerable since this problem was corrected prior to the release. FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports. III. Impact Local users may gain root privileges on the local system. If you have not chosen to install the hylafax port/package, then your system is not vulnerable to this problem. IV. Workaround Deinstall the hylafax port/package if you have installed it. V. Solution One of the following: 1) Upgrade your entire ports collection and rebuild the hylafax port. 2) Deinstall the old package and install a new package dated after the correction date, obtained from: [i386] ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/comms/hylafax-4.1.b2_2.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/comms/hylafax-4.1.b2_2.tgz NOTE: it may be several days before updated packages are available. [alpha] Packages are not automatically generated for the alpha architecture at this time due to lack of build resources. 3) download a new port skeleton for the hylafax port from: http://www.freebsd.org/ports/ and use it to rebuild the port. 4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: FreeBSD: The Power To Serve iQCVAwUBOuTqs1UuHi5z0oilAQEWwgQAlhOuE800ddI0J9hiGsQKli2LJyQ18ObQ w0/rdjahJDkOLrx5IGlFe9M1IzjbeXauYT6TUnaOxfwMo58bUy1T7QZ9ROUYzE39 DzrN1JmjcTshG3HdgsdVfSwjQirYpN6uvRVWQx6ncMpuN5bSw3RZ3ci4WH/LsKty tZ9P/gD6bAs= =EFP3 -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security-notifications" in the body of the message From owner-freebsd-security-notifications Mon Apr 23 21: 0:16 2001 Delivered-To: freebsd-security-notifications@freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 6177237B423; Mon, 23 Apr 2001 21:00:11 -0700 (PDT) (envelope-from security-advisories@FreeBSD.org) Received: (from jedgar@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f3O40BR46748; Mon, 23 Apr 2001 21:00:11 -0700 (PDT) (envelope-from security-advisories@FreeBSD.org) Date: Mon, 23 Apr 2001 21:00:11 -0700 (PDT) Message-Id: <200104240400.f3O40BR46748@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: jedgar set sender to security-advisories@FreeBSD.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-01:35.licq Sender: owner-freebsd-security-notifications@FreeBSD.ORG Precedence: bulk Reply-To: postmaster@freebsd.org X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:35 Security Advisory FreeBSD, Inc. Topic: licq contains multiple remote vulnerabilities Category: ports Module: licq Announced: 2001-04-23 Credits: Stan Bubrouski Affects: Ports collection prior to the correction date. Corrected: 2001-03-13 Vendor status: Updated version released FreeBSD only: NO I. Background licq is an ICQ client. II. Problem Description The licq port, versions prior to 1.0.3, contains a vulnerability in URL parsing. URLs received by the licq program are passed to the web browser using the system() function. Since licq performs no sanity checking, a remote attacker may be able to pipe commands contained in the URL causing the client to execute arbitrary commands. Additionally, the licq program also contains a buffer overflow in the logging functions allowing a remote attacker to cause licq to crash and potentially execute arbitbrary code on the local machine as the user running licq. The licq port is not installed by default, nor is it "part of FreeBSD" as such: it is part of the FreeBSD ports collection, which contains over 5000 third-party applications in a ready-to-install format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 contain this problem since it was discovered after the releases. The ports collection that shipped with FreeBSD 4.3 is not vulnerable since this problem was corrected prior to the release. FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports. III. Impact Remote attackers may be able to crash licq or execute arbitrary commands on the local machine as the user running the licq program. If you have not chosen to install the licq port/package, then your system is not vulnerable to this problem. IV. Workaround Deinstall the licq port/package if you have installed it. V. Solution One of the following: 1) Upgrade your entire ports collection and rebuild the licq port. 2) Deinstall the old package and install a new package dated after the correction date, obtained from: [i386] ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/licq-1.0.3.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/licq-1.0.3.tgz [alpha] Packages are not automatically generated for the alpha architecture at this time due to lack of build resources. 3) download a new port skeleton for the licq port from: http://www.freebsd.org/ports/ and use it to rebuild the port. 4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: FreeBSD: The Power To Serve iQCVAwUBOuTqtFUuHi5z0oilAQGRMAQAkun9z8bA3ZGNHt0MjYrFdjFCg8EWZ4H6 3e7pQxTXJktJkI6NgNVqycjezo4PMrTI5BOm8wMjnCpElI0sapZdf5mso65iJd8D WOrQYGsPA4//1tjv7P/VAtc61k53kr0HzwvZbczwbhiQqkEKFxxN4kyRuF4f9eQ1 dFkYSVA+kVg= =J8Cm -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security-notifications" in the body of the message From owner-freebsd-security-notifications Mon Apr 23 21: 5: 3 2001 Delivered-To: freebsd-security-notifications@freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 6800737B42C; Mon, 23 Apr 2001 21:05:00 -0700 (PDT) (envelope-from security-advisories@FreeBSD.org) Received: (from jedgar@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f3O450S47442; Mon, 23 Apr 2001 21:05:00 -0700 (PDT) (envelope-from security-advisories@FreeBSD.org) Date: Mon, 23 Apr 2001 21:05:00 -0700 (PDT) Message-Id: <200104240405.f3O450S47442@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: jedgar set sender to security-advisories@FreeBSD.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-01:36.samba Sender: owner-freebsd-security-notifications@FreeBSD.ORG Precedence: bulk Reply-To: postmaster@freebsd.org X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:36 Security Advisory FreeBSD, Inc. Topic: samba ports contain locally exploitable /tmp races Category: ports Module: samba Announced: 2001-04-23 Credits: Marcus Meissner Affects: Ports collection prior to the correction date. Corrected: 2001-04-18 Vendor status: Updated version released FreeBSD only: No I. Background Samba is an implementation of the Server Message Block (SMB) protocol. II. Problem Description The samba ports, versions prior to samba-2.0.8 and samba-devel-2.2.0, contain /tmp races that may allow local users to cause arbitrary files and devices to be overwritten. Due to easily predictable printer queue cache file names, local users may create symbolic links to any file or device causing it to be corrupted when a remote user accesses a printer. In addition, the file will be left with world- writable permission allowing any user to enter their own data. The samba ports are not installed by default, nor are they "part of FreeBSD" as such: they are part of the FreeBSD ports collection, which contains over 5000 third-party applications in a ready-to-install format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 contain this problem since it was discovered after the releases. The ports collection that shipped with FreeBSD 4.3 is not vulnerable since this problem was corrected prior to the release. FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports. III. Impact Unprivileged local users may cause arbitrary files or devices to be corrupted and gain increased privileges on the local system. If you have not chosen to install the samba ports/packages, then your system is not vulnerable to this problem. Samba servers that do not have any printers configured are not vulnerable. IV. Workaround Deinstall the samba port/package, if you have installed it. V. Solution One of the following: 1) Upgrade your entire ports collection and rebuild the samba port. 2) Deinstall the old package and install a new package dated after the correction date, obtained from: [i386] ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/samba-2.0.8.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/samba-2.0.8.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/samba-devel-2.2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/samba-devel-2.2.0.tgz NOTE: it may be several days before updated packages are available. [alpha] Packages are not automatically generated for the alpha architecture at this time due to lack of build resources. 3) download a new port skeleton for the samba from: http://www.freebsd.org/ports/ and use it to rebuild the port. 4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: FreeBSD: The Power To Serve iQCVAwUBOuTqtVUuHi5z0oilAQEaFAQAlriJxzRK8s/UnIJliIIGqZgdp+bTiKfs XV66+DD0+RZtWcsjPx5imCCfsWJgdurq9JpM6iWYJCir34wargJygpZRWSU/Pnov yKw2IrNbOVkp4ASRbXCqLm+Z6WZKXhbJN+f/8N+ts2XVk+QJrZWzCRqa1ynyx1I1 MpvXhM9lTvk= =qspP -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security-notifications" in the body of the message From owner-freebsd-security-notifications Mon Apr 23 21: 5:13 2001 Delivered-To: freebsd-security-notifications@freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 910A237B424; Mon, 23 Apr 2001 21:05:10 -0700 (PDT) (envelope-from security-advisories@FreeBSD.org) Received: (from jedgar@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f3O45A247776; Mon, 23 Apr 2001 21:05:10 -0700 (PDT) (envelope-from security-advisories@FreeBSD.org) Date: Mon, 23 Apr 2001 21:05:10 -0700 (PDT) Message-Id: <200104240405.f3O45A247776@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: jedgar set sender to security-advisories@FreeBSD.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-01:37.slrn Sender: owner-freebsd-security-notifications@FreeBSD.ORG Precedence: bulk Reply-To: postmaster@freebsd.org X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:37 Security Advisory FreeBSD, Inc. Topic: slrn contains remotely-exploitable buffer overflow Category: ports Module: slrn Announced: 2001-04-23 Credits: Bill Nottingham Affects: Ports collection prior to the correction date. Corrected: 2001-04-04 Vendor status: Updated version released FreeBSD only: NO I. Background slrn is a slang-based NNTP news reader. II. Problem Description The slrn port, versions prior to slrn-0.9.7.0, contains a buffer overflow in the wrapping/unwrapping functions of message header parsing. If a sufficiently long header is parsed, a buffer may overflow allowing the execution of arbitrary code contained in a message header as the user running the slrn program. The slrn port is not installed by default, nor is it "part of FreeBSD" as such: it is part of the FreeBSD ports collection, which contains over 5000 third-party applications in a ready-to-install format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 contain this problem since it was discovered after the releases. The ports collection that shipped with FreeBSD 4.3 is not vulnerable since this problem was corrected prior to the release. FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports. III. Impact Arbitrary code may be executed on the local machine as the user running the slrn program. If you have not chosen to install the slrn port/package, then your system is not vulnerable to this problem. IV. Workaround Deinstall the slrn port/package, it you have installed it. V. Solution One of the following: 1) Upgrade your entire ports collection and rebuild the slrn port. 2) Deinstall the old package and install a new package dated after the correction date, obtained from: [i386] ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/news/slrn-0.9.7.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/news/slrn-0.9.7.0.tgz [alpha] Packages are not automatically generated for the alpha architecture at this time due to lack of build resources. 3) download a new port skeleton for the slrn port from: http://www.freebsd.org/ports/ and use it to rebuild the port. 4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: FreeBSD: The Power To Serve iQCVAwUBOuTqtVUuHi5z0oilAQHqsAP+PEzZ8FPPCrKKKDGP7gACN77r5dbbE9LF MYSVGp2Z2+vwSysJG2BOtyNrrKlUhaKTLAoWZF+7ytV9ujli+bI06R2iYoe5SqMM a7K1N1XKNvXdvq1nYjDuawIzJzl9b2B8XavPFEtwkkxDVAtq2ODKTabAtllrNnfV hD4HsUzFMRI= =al4w -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security-notifications" in the body of the message From owner-freebsd-security-notifications Mon Apr 23 21: 5:36 2001 Delivered-To: freebsd-security-notifications@freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id F02C737B43C; Mon, 23 Apr 2001 21:05:33 -0700 (PDT) (envelope-from security-advisories@FreeBSD.org) Received: (from jedgar@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f3O45XJ48955; Mon, 23 Apr 2001 21:05:33 -0700 (PDT) (envelope-from security-advisories@FreeBSD.org) Date: Mon, 23 Apr 2001 21:05:33 -0700 (PDT) Message-Id: <200104240405.f3O45XJ48955@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: jedgar set sender to security-advisories@FreeBSD.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-01:38.sudo Sender: owner-freebsd-security-notifications@FreeBSD.ORG Precedence: bulk Reply-To: postmaster@freebsd.org X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:38 Security Advisory FreeBSD, Inc. Topic: sudo contains local buffer overflow Category: ports Module: sudo Announced: 2001-04-23 Credits: Chris Wilson Affects: Ports collection prior to the correction date. Corrected: 2001-03-07 Vendor status: Updated version released FreeBSD only: NO I. Background sudo is a program that allowss a sysadmin to give limited root privileges to users and logs root activity. II. Problem Description The sudo port, versions prior to sudo-1.6.3.7, contains a local command-line buffer overflow allowing a local user to potentially gain increased privileges on the local system. The sudo port is not installed by default, nor is it "part of FreeBSD" as such: it is part of the FreeBSD ports collection, which contains over 5000 third-party applications in a ready-to-install format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 contain this problem since it was discovered after the releases. The ports collection that shipped with FreeBSD 4.3 is not vulnerable since this problem was corrected prior to the release. FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports. III. Impact Local users may potentially gain increased privileges on the local system. If you have not chosen to install the sudo port/package, then your system is not vulnerable to this problem. IV. Workaround Deinstall the sudo port/package if you have installed it. V. Solution One of the following: 1) Upgrade your entire ports collection and rebuild the sudo port. 2) Deinstall the old package and install a new package dated after the correction date, obtained from: [i386] ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/sudo-1.6.3.7.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/sudo-1.6.3.7.tgz [alpha] Packages are not automatically generated for the alpha architecture at this time due to lack of build resources. 3) download a new port skeleton for the sudo port from: http://www.freebsd.org/ports/ and use it to rebuild the port. 4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: FreeBSD: The Power To Serve iQCVAwUBOuTqtlUuHi5z0oilAQGsKQP9HXFq79DNvBXkV+03EadLPoJV1gwzG2lp KCJeMOhMc2pKgPcGIxMQ9bmLC7gI+xkr2XrjEpsUnYHCoBS2F7Jd9gKQZNLvGqVy r2hCiTKcg1rObIYML4cghlo12Ppe7saxXszBmNa4VnHZwC4ksuREvZWJc+jKJ5oz zybz712C8iQ= =CQtP -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security-notifications" in the body of the message