From owner-freebsd-security Tue Apr 10 14:25:20 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.gmx.net (pop.gmx.net [194.221.183.20]) by hub.freebsd.org (Postfix) with SMTP id 42F7537B42C for ; Tue, 10 Apr 2001 14:25:12 -0700 (PDT) (envelope-from michaelnottebrock@gmx.net) Received: (qmail 12728 invoked by uid 0); 10 Apr 2001 21:25:10 -0000 Received: from pd950a1c0.dip.t-dialin.net (HELO lofizwei) (217.80.161.192) by mail.gmx.net (mp020-rz3) with SMTP; 10 Apr 2001 21:25:10 -0000 Message-ID: <00fb01c0c204$b97cde80$0508a8c0@lofi.dyndns.org> From: "Michael Nottebrock" To: "Ben Smithurst" Cc: "Michael Bryan" , References: <3AD33218.FE8D7ACD@ursine.com> <001d01c0c1fc$23d73680$0508a8c0@lofi.dyndns.org> <20010410215014.A8173@scientia.demon.co.uk> Subject: Re: Security Announcements? Date: Tue, 10 Apr 2001 23:25:10 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ----- Original Message ----- From: "Ben Smithurst" To: "Michael Nottebrock" Cc: "Michael Bryan" ; Sent: Tuesday, April 10, 2001 10:50 PM Subject: Re: Security Announcements? > Michael Nottebrock wrote: > > > I agree that there is need for improvement. Let's just see what the > > other OS's security people are doing about the recent ftpd-issue: > > > > NetBSD: > > ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000 > > -018.txt.asc > > OpenBSD: > > ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/025_glob.patch > > FreeBSD: Absolutely nothing > > I'm pretty sure that's complete and utter bollocks, unless I'm > misunderstanding the issue, or thinking of another ftpd-issue. The way you are quoting me, indeed it would be. But, as can be clearly seen by looking at the topic of this thread, I was talking about the missing _announcements_, not about the fixes itself. And before you tell me to, yes, I did read the actual CERT-advisory, which also contained the 'official' statement from FreeBSD, which does not mention ANY correction dates. > > It certainly is starting to irritate people running > > 4.2-Release. > > Well if you want the latest security fixes you shouldn't be running a > -release anyway, that's that the -stable branch is for. To quote http://www.freebsd.org/security/#adv: "The FreeBSD Security Officers provide security advisories for the following releases of FreeBSD: - The most recent official release of FreeBSD." and: "At this time, security advisories are being released for: - FreeBSD 3.5.1-STABLE - FreeBSD 4.2-RELEASE - FreeBSD 4.2-STABLE " Again, I am not saying that nothing is done, just that the others are obviously doing it (a lot) quicker. Greetings, Michael Nottebrock To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message