Date: Tue, 19 Mar 2002 14:28:56 -0800 From: "Crist J. Clark" <cjc@FreeBSD.ORG> To: "Nickolay A. Kritsky" <nkritsky@internethelp.ru> Cc: security@FreeBSD.ORG Subject: Re: TCP connections on broadcast address - why no advisory? Message-ID: <20020319142856.A67739@blossom.cjclark.org> In-Reply-To: <785082402.20020319134231@internethelp.ru>; from nkritsky@internethelp.ru on Tue, Mar 19, 2002 at 01:42:31PM %2B0300 References: <785082402.20020319134231@internethelp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Mar 19, 2002 at 01:42:31PM +0300, Nickolay A. Kritsky wrote: > Hello, freebsd-security. > > On the Bugtraq I have read report by Christ J. Clark about TCP > connections on broadcast address. It can be found on > http://online.securityfocus.com/archive/1/262733 . In this advisories > I've read following: > > <quote> > I committed changes to FreeBSD 5-CURRENT on Feburary 25th (CVS > revision 1.148) and to 4-STABLE on February 28th (revision > 1.107.2.21). After discussion with the FreeBSD security-officer@ team, > these changes will not be incorporated into the RELENG_4_{3,4,5} > security-fix branches nor will an advisory be released. > </quote> > > Why no advisory will be released? What if I wasn't subscribed to > BUGTRAQ? How would I know about this bug? Maybe I missed something. > Sorry then. There was a fairly long discussion on freebsd-net@. Also there was the original discussion on freebsd-bugs@ when I came across the PR. Obviously, the commit messages went out on cvs-all@ for the pactches to both branches. In addition, there were several side threads in which I was involved that didn't take place on lists (the discussions with security-officer@ for example). What I am saying is that after all of the FreeBSD related email I sent and received on the topic, from my point of view, it seemed like anyone one who follows anything FreeBSD security or network related would have already heard about this issue. But reviewing everything now, I guess there may be an audience on freebsd-security@ that could have managed to miss all of that. I thought one of the threads on the issue had spilled over onto -security, but it looks like that was not an accurate recollection. I should have probably CCed the BugTraq report here. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020319142856.A67739>