Date: Sun, 5 Aug 2007 14:58:54 +0200
From: "Simon L. Nielsen"
To: Josh Paetzel
Cc: freebsd-security@freebsd.org, John Freeman
Subject: Re: Fw: FreeBSD Security Advisory FreeBSD-SA-07:07.bind

On 2007.08.05 07:41:44 -0500, Josh Paetzel wrote:
> Simon L. Nielsen wrote:
>
> > RELENG_6 was already fixed 2007-07-25 08:23:08 UTC by dougb, so the
> > patch wasn't tested against RELENG_6 at all but only against the
> > release / security branches.  Most of the time the released patches
> > will work against the stable branches, but not always.
>
> This is sort of an unusual situation isn't it, where RELENG_6 is fixed
> prior to the SA being released?

Not really unusual although many advisories have all branches fixed at
the same time.  The same happened for FreeBSD-SA-07:02.bind and
FreeBSD-SA-07:03.ipv6, though it was only two days between RELENG_X
and advisory in those cases.

In this case the time between RELENG_X fix and advisory was a bit
longer since dougb was very fast in getting HEAD/RELENG_[56] fixed and
we couldn't get it all ready the week the BIND vulnerability was
announced.

> If so it might have been useful for
> the SA to say something about affecting STABLE before xxxx-xx-xx where
> xxxx-xx-xx is the date that the fix was committed.

It actually already does since it's part of the normal advisory header
information:

[Quoting FreeBSD-SA-07:07.bind]
Corrected:      2007-07-25 08:23:08 UTC (RELENG_6, 6.2-STABLE)
                2007-08-01 20:44:58 UTC (RELENG_6_2, 6.2-RELEASE-p7)
                2007-08-01 20:45:49 UTC (RELENG_6_1, 6.1-RELEASE-p19)
                2007-07-25 08:24:40 UTC (RELENG_5, 5.5-STABLE)
                2007-08-01 20:48:19 UTC (RELENG_5_5, 5.5-RELEASE-p15)

-- 
Simon L. Nielsen
FreeBSD Security Team