From: "Bruce A. Mah"
Reply-To: bmah@FreeBSD.ORG
To: Nicole Harrington
Cc: David, freebsd-security@FreeBSD.ORG
Subject: Re: FTPD ... (to: alexus)
Date: Tue, 10 Apr 2001 17:01:42 -0700
Message-Id: <200104110001.f3B01gD24599@bmah-freebsd-0.cisco.com>
Comments: In-reply-to Nicole Harrington message dated "Tue, 10 Apr 2001 16:38:59 -0700."

If memory serves me right, Nicole Harrington wrote:
> Read the banner for what?
> I sure wish I could find out or have in the Cert advisory that FTP daemon
> version XX to XX is vulnerable.
>
> Does anyone know this information??
>
> "We have corrected these bugs in FreeBSD 5.0-CURRENT and FreeBSD 4.2-STABLE"
>
> Current and Stable are moving targets. How can people just say these things.

The statement means the fixes were committed to the relevant CVS branches
as of the time the CERT advisory was written. It does not say anything
about when exactly the fixes were committed.

> I can assume, but we all know what that means. Stable as of When has the
> patches. I can get the ftpd patch where if I don't want to do a full cvsup??

Looking through the CVS logs, ftpd.c got the globbing patches on
19 March 2001 for HEAD and 21 March 2001 for RELENG_4. (There were some
changes to libc involved as well.)

At this point, since the security-officer team hasn't released an
advisory, there isn't an official patch. I'm not a part of that team, so
don't ask. :-)

Hope this helps,

Bruce.
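
The commit dates given in the reply above can be turned into a quick triage check on a source tree. This is an added example, not part of the original message and not FreeBSD project code: it parses a `$FreeBSD$` ident string from ftpd.c and compares its date with the fix date for the branch. The function name, the sample ident strings (revision numbers, times, author, shortened path) and the rule that any branch revision means RELENG_4 are assumptions.

```sh
#!/bin/sh
# Fix dates quoted in the message above (CVS commits to ftpd.c), as yyyymmdd.
HEAD_FIX=20010319      # globbing patches committed to HEAD
RELENG_4_FIX=20010321  # globbing patches committed to RELENG_4

# classify_ident "<ident string>"  (hypothetical helper)
# Prints "<branch> <yyyymmdd> <verdict>", or "unparsed" and returns 2.
classify_ident() {
    # Ident layout: $FreeBSD: <path>,v <rev> <yyyy/mm/dd> <time> <author> Exp $
    set -- $(printf '%s\n' "$1" | sed -n \
        's|.*\$FreeBSD: [^ ]*,v \([0-9.]*\) \([0-9]*\)/\([0-9]*\)/\([0-9]*\) .*|\1 \2\3\4|p')
    [ $# -eq 2 ] || { echo "unparsed"; return 2; }
    rev=$1 date=$2

    # CVS trunk revisions look like 1.N; branch revisions have more components.
    # Assumption: a branch revision here is on RELENG_4.
    case $rev in
        *.*.*) branch=RELENG_4 fix=$RELENG_4_FIX ;;
        *)     branch=HEAD     fix=$HEAD_FIX ;;
    esac

    if [ "$date" -gt "$fix" ]; then
        verdict=after-fix-date
    elif [ "$date" -eq "$fix" ]; then
        # Same calendar day: the file may be the fix commit or an earlier
        # commit that day, so the CVS log has to decide.
        verdict=same-day-check-cvs-log
    else
        verdict=predates-fix
    fi
    echo "$branch $date $verdict"
}

# Constructed sample ident strings (not real revisions; path prefix omitted).
for s in \
    '$FreeBSD: ftpd.c,v 1.99 2001/03/01 12:00:00 someone Exp $' \
    '$FreeBSD: ftpd.c,v 1.99.2.9 2001/03/21 12:00:00 someone Exp $' \
    '$FreeBSD: ftpd.c,v 1.99.2.10 2001/04/02 08:00:00 someone Exp $'
do
    classify_ident "$s"
done
# An "after-fix-date" ftpd.c is necessary but not sufficient: the message
# notes that libc changed as well, so libc must be from the same period.
```

On a real tree the ident string would come from the `$FreeBSD$` line near the top of ftpd.c; a `predates-fix` result means the source predates the globbing patches regardless of what the branch is called.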