Message-ID: <534B11E7.7080207@paladin.bulgarpress.com>
Date: Mon, 14 Apr 2014 01:38:31 +0300
From: Mailing lists
To: freebsd-security@freebsd.org
Subject: De Raadt + FBSD + OpenSSH + hole?

Hi everyone,

I came across this:

https://groups.google.com/forum/#!topic/mailing.openbsd.tech/xALfxxR3oKo

" You are welcome. Stuart Henderson wrote the draft, but he forgot that part, and Damien Miller and I realized it was needed. We sensed there might be some ambiguity... we'll take care the next time an OpenOffice problem also. ... as long as you aren't using FreeBSD or a derivative (hint: Juniper), you are fine. That's the only place I know of an OpenSSH hole. Oh now I sense some angst. Please ask Kirk McKusick, he knows the story about why this is not being disclosed to FreeBSD. Sometimes I feel a bit sorry for them (and for him), but then the next minute I don't feel sorry because there's damn good reasons they won't be told about what I found. Does that answer help? Hope so."

Any guidance here?