Date: Tue, 10 Apr 2001 17:01:42 -0700 From: "Bruce A. Mah" <bmah@FreeBSD.ORG> To: Nicole Harrington <nmh@daemontech.com> Cc: David <habeeb@cfl.rr.com>, freebsd-security@FreeBSD.ORG Subject: Re: FTPD ... (to: alexus) Message-ID: <200104110001.f3B01gD24599@bmah-freebsd-0.cisco.com> In-Reply-To: <XFMail.010410163859.nmh@daemontech.com> References: <XFMail.010410163859.nmh@daemontech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--==_Exmh_405469367P Content-Type: text/plain; charset=us-ascii If memory serves me right, Nicole Harrington wrote: > Read the banner for what? > I sure wish I could find out or have in the Cert advisory that FTP daemon > version XX to XX is vulnerable. > > Does anyone know this information?? > > "We have corrected these bugs in FreeBSD 5.0-CURRENT and FreeBSD 4.2-STABLE" > > Current and Stable are a moving targets. How can people just say these thing > s. The statement means the fixes were committed to the relevant CVS branches as of the time the CERT advisory was written. It does not say anything about when exactly the fixes were committed. > I can assume, but we all know what that means. Stable as of When has the > patches. I can get the ftpd patch were if I don't want to do a full cvsup?? Looking through the CVS logs, ftpd.c got the globbing patches on 19 March 2001 for HEAD and 21 March 2001 for RELENG_4. (There were some changes to libc involved as well.) At this point, since the security-officer team hasn't released an advisory, there isn't an official patch. I'm not a part of that team, so don't ask. :-) Hope this helps, Bruce. --==_Exmh_405469367P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: Exmh version 2.2 06/23/2000 iD8DBQE6057l2MoxcVugUsMRAqMzAKCtTCXD0gQ1fjI8f7gjsr46Tr3qxQCeLz32 ISr8m/r1H3JYiGVyRv3Z4eI= =iJzJ -----END PGP SIGNATURE----- --==_Exmh_405469367P-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200104110001.f3B01gD24599>