From: Ian Smith
Date: Tue, 3 Sep 2013 23:56:57 +1000 (EST)
To: Jerry
Cc: Lowell Gilbert, freebsd-questions@freebsd.org
Subject: Re: Potential Vulnerabilities list on US Cert
Message-ID: <20130903232341.O99094@sola.nimnet.asn.au>

In freebsd-questions Digest, Vol 483, Issue 2, Message: 1
On Mon, 2 Sep 2013 10:41:44 -0400 Jerry wrote:

> I usually check the US Cert listing every week to see if anything
> interesting is listed.
>
> I discovered that there are two listings for FreeBSD:
>
> 1) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3077
>
> 2) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5209
>
> I just thought that users should be aware of this.

Thanks for the thought, Jerry. To add to Lowell's assurance ..
If you followed the links in those vuln reports to the FreeBSD Security Advisories and source patches for all supported FreeBSD versions, that were applied prior to their announcement on 22nd August in (at least) the freebsd-security@ and freebsd-announce@ lists, you could have known a week sooner :)

Anyone running a FreeBSD system with possibly untrusted local users running multicast (in the case of CVE-2013-3077) or running servers using SCTP (in the case of CVE-2013-5209) would naturally have read these and have applied updates before the CERT advisories appeared.

cheers, Ian