From owner-svn-doc-all@FreeBSD.ORG Mon Jul 8 01:51:27 2013 Return-Path: Delivered-To: svn-doc-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 1A512AF0; Mon, 8 Jul 2013 01:51:27 +0000 (UTC) (envelope-from kaduk@mit.edu) Received: from dmz-mailsec-scanner-3.mit.edu (dmz-mailsec-scanner-3.mit.edu [18.9.25.14]) by mx1.freebsd.org (Postfix) with ESMTP id 9100A1024; Mon, 8 Jul 2013 01:51:26 +0000 (UTC) X-AuditID: 1209190e-b7f988e0000009a7-5a-51da19eb0d37 Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP id 55.1E.02471.BE91AD15; Sun, 7 Jul 2013 21:46:19 -0400 (EDT) Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id r681kIwN009230; Sun, 7 Jul 2013 21:46:18 -0400 Received: from multics.mit.edu (system-low-sipb.mit.edu [18.187.2.37]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id r681kFrS007828 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sun, 7 Jul 2013 21:46:17 -0400 Received: (from kaduk@localhost) by multics.mit.edu (8.12.9.20060308) id r681kEXq027059; Sun, 7 Jul 2013 21:46:14 -0400 (EDT) Date: Sun, 7 Jul 2013 21:46:14 -0400 (EDT) From: Benjamin Kaduk To: Gabor Pali Subject: Re: svn commit: r42183 - head/en_US.ISO8859-1/htdocs/news/status In-Reply-To: <201307070533.r675XX5J058777@svn.freebsd.org> Message-ID: References: <201307070533.r675XX5J058777@svn.freebsd.org> User-Agent: Alpine 1.10 (GSO 962 2008-03-14) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrHIsWRmVeSWpSXmKPExsUixCmqrPta8lagwZ2zbBY/Ph5ispiz+imj xY1F+5ksdvf3MjuweMz4NJ8lgDGKyyYlNSezLLVI3y6BK2PnjpksBR9FK/p6nzI3MG4Q7GLk 5JAQMJE4vXM+G4QtJnHh3nogm4tDSGAfo0TjpncsEM4GRolfu95COQeZJO50n2IFaRESqJc4 sO0iM4jNIqAlcfHrAnYQm01ARWLmm41gY0UEFCRO7+hhAbGZBaIk9ixtBOsVFvCUWLt8IVg9 p4CVxInV78FsXgFHiQXnOxgh5ltK/J7aBxYXFdCRWL1/CgtEjaDEyZlPoGZaSpz7c51tAqPg LCSpWUhSCxiZVjHKpuRW6eYmZuYUpybrFicn5uWlFuka6+VmluilppRuYgQHrSTfDsavB5UO MQpwMCrx8J44fzNQiDWxrLgy9xCjJAeTkijvLaFbgUJ8SfkplRmJxRnxRaU5qcWHGCU4mJVE eMVZgXK8KYmVValF+TApaQ4WJXHeZ0/PBgoJpCeWpGanphakFsFkZTg4lCR430kANQoWpaan VqRl5pQgpJk4OEGG8wANvwVSw1tckJhbnJkOkT/FqMsx+eyW94xCLHn5ealS4ry/QIoEQIoy SvPg5sCSzStGcaC3hHkfglTxABMV3KRXQEuYgJZ03b8GsqQkESEl1cBo8k4jmE11isHmhQIN sy02uUblzCzwTDS43ij8smLr8s6uPN/GZ5Jx5gyL/2n4/Pwx0ZFpveX+Ww90TpzdsLHq8A+z Y6WR9d5Rbua5q6okZVb9+3xe1PmxJv/yr06NW6uyPFNzVsY5P2WLOWvcfJbrw//Y0+8uTWnj 8s2T3la0v/bM1qi2jQeUWIozEg21mIuKEwHpaW9xEQMAAA== Cc: svn-doc-head@freebsd.org, svn-doc-all@freebsd.org, doc-committers@freebsd.org X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Jul 2013 01:51:27 -0000 On Sun, 7 Jul 2013, Gabor Pali wrote: > Author: pgj > Date: Sun Jul 7 05:33:33 2013 > New Revision: 42183 > URL: http://svnweb.freebsd.org/changeset/doc/42183 > > Log: > - Add a Q2 entry for secteam > > Submitted by: gnn > > Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2013-04-2013-06.xml > ============================================================================== > --- head/en_US.ISO8859-1/htdocs/news/status/report-2013-04-2013-06.xml Sat Jul 6 23:15:13 2013 (r42182) > +++ head/en_US.ISO8859-1/htdocs/news/status/report-2013-04-2013-06.xml Sun Jul 7 05:33:33 2013 (r42183) > @@ -1037,4 +1037,51 @@ > Fix x11-themes/gtk-xfce-engine with Gtk+ >=3.6. > > > + > + > + &os; Security Team > + > + > + > + > + &os; Security Team > + > + secteam@FreeBSD.org > + > + > + > + > + > + > +

On April 15th Dag-Erling Smørgrav and Xin Li took over > + as security officers for the &os; Project, and the team welcomed > + Qing Li back in the team in June. This report briefly "back to the team" is probably better. > + summarizes the work of the Security Team from April until the > + end of June.

> + > +

The Security Team has released the following advisories:

> + > +
    > +
  • FreeBSD-SA-13:05.nfsserver: Insufficient input > + validation in the NFS server (nfsd(8)), reported by > + Adam Nowacki.
    • > + > +
  • FreeBSD-SA-13:06.mmap: Privilege escalation via > + mmap(), reported by Konstantin Belousov.
    • > + > +
  • FreeBSD-EN-13:02.vtnet: vtnet(4) > + network interface issue on QEMU 1.4.0 and later in 8.4-RELEASE, > + reported by Julian Stecklina.
    • > + > +
  • FreeBSD-EN-13:01.fxp: dhclient(8) utility > + issue on fxp(4) network interface in 8.4-RELEASE, > + reported by Michael L. Squires.
    • > +
"vtnet network interface issue" and "dhclient utility issue" are rather odd phrasings that convey little information about the actual issue. I don't remember the actual problems offhand, but I expect that a rewording is possible which better indicates the nature of the problem. > +

Per request of Baptiste Daroussin, the Security Team has also "Per the request"? -Ben > + reviewed the source code of Poudriere, the port build and test > + system which is planned to be used for producing pkg(8) > + ("new-style") packages on the &os; cluster.

> + > + > >