From owner-freebsd-security@FreeBSD.ORG Thu Sep 18 07:50:08 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 97F4A16A4B3 for ; Thu, 18 Sep 2003 07:50:08 -0700 (PDT) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9464843FB1 for ; Thu, 18 Sep 2003 07:50:07 -0700 (PDT) (envelope-from nectar@celabo.org) Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "madman.celabo.org", Issuer "celabo.org CA" (verified OK)) by gw.celabo.org (Postfix) with ESMTP id 2160A5482B; Thu, 18 Sep 2003 09:50:07 -0500 (CDT) Received: by madman.celabo.org (Postfix, from userid 1001) id A9FF06D454; Thu, 18 Sep 2003 09:50:06 -0500 (CDT) Date: Thu, 18 Sep 2003 09:50:06 -0500 From: "Jacques A. Vidrine" To: James Raftery Message-ID: <20030918145005.GB32994@madman.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , James Raftery , freebsd-security@freebsd.org References: <200309172237.h8HMbuvK078935@freefall.freebsd.org> <20030918100907.GA85007@bender.kerna.ie> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030918100907.GA85007@bender.kerna.ie> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.4i-ja.1 cc: freebsd-security@freebsd.org Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-03:12.openssh [REVISED] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Sep 2003 14:50:08 -0000 On Thu, Sep 18, 2003 at 11:09:07AM +0100, James Raftery wrote: > On Wed, Sep 17, 2003 at 03:37:56PM -0700, FreeBSD Security Advisories wrote: > > # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer46.patch > [snip] > > The patch above doesn't appear to modify src/crypto/openssh/version.h > > > Branch Version string > > - ------------------------------------------------------------------------- > > RELENG_4_7 OpenSSH_3.4p1 FreeBSD-20030917 > > After patching (on the 4.7 security branch), my version string still > says: > > sshd version OpenSSH_3.4p1 FreeBSD-20020702 > > Would the Security Team mind publishing a version of the patch that > modifies the version string? The patch is crafted specifically to apply to the widest range of FreeBSD versions as possible. In this way we have three patches to distribute instead of 1 per release. (Likewise, there is a single sendmail patch instead of 1 per release.) Use CVSup if you want to actually track the security branches. Use the patch if you just want a quick fix. You can also pull down the ancilliary patches (version.h, newvers.sh, UPDATING, etc) via other mechanisms (e.g. anon CVS, cvsweb) if you like. Cheers, -- Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se