Date: Sat, 30 Sep 2000 22:25:38 -0400
From: "Jonathan M. Slivko" <jmslivko@mindspring.com>
To: "Igor Roshchin" <str@giganda.komkon.org>, <security@freebsd.org>
Subject: Re: advisory suggestion
Message-ID: <000b01c02b4e$e499c4e0$2f4679a5@p4f0i0>
References: <200010010212.WAA49025@giganda.komkon.org>

I totally agree on that point.
----------------------------------------------------------------------------
Jonathan M. Slivko, President & Founder - Linux Mafia Internet Services
Phone: (212) 663-1109 - Pager: (917) 388-5304 (24/7)
Webpage: http://www.linux-mafia.net -- "In FreeBSD We Trust!"
AIM SN: OptixNYC -- Network Solutions Handle: JSR730
----------------------------------------------------------------------------
----- Original Message -----
From: "Igor Roshchin" <str@giganda.komkon.org>
To: <security@freebsd.org>
Sent: Saturday, September 30, 2000 10:12 PM
Subject: advisory suggestion

>
> I remember there was a discussion 1-2 years ago,
> on how to state in advisories which versions of FreeBSD are vulnerable.
> Unfortunately I don't remember what was the final consensus,
> but may I make a suggestion based on the recent advisory?
>
> Sometimes, it is difficult to recall when a particular release was
> rolled out. So, say, if I have a box running 3.5.1 - and I start
> thinking if that one is affected, I'd have to go to an ftp server
> and check the dates of the release, which makes it not very convenient.
> Well, 4.1.1 is out just a few days ago, so it is easier to recall that date,
> but if another advisory would come out a month from now, and would have
> the fix date of September 30, I wouldn't remember if it was before
> or after 4.1.1 was out.
> Otherwise, I think the current format is very clear.
>
> So, my suggestion is:
> when there are additional releases in N.K-STABLE (or N.K-CURRENT) branch
> (or to be more exact the particular N.K version of the branch)
> besides N.K-RELEASE (such as N.K.1-RELEASE), it would be nice
> to have a clause in there:
>
> Affects: FreeBSD.....
>          ... including 3.5.1-RELEASE
>
> Corrected: ....
>            (including 4.1.1-RELEASE [and later])
>
> Regards,
>
> Igor
>
>
> > From: FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>
> > To: FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>
> > Subject: FreeBSD Security Advisory: FreeBSD-SA-00:53.catopen
> > Date: Wed, 27 Sep 2000 17:48:35 -0700 (PDT)
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > =============================================================================
> > FreeBSD-SA-00:53                                           Security Advisory
> >                                                                FreeBSD, Inc.
> >
> > Topic:          catopen() may pose security risk for third party code
> >
> > Category:       core
> > Module:         libc
> > Announced:      2000-09-27
> > Affects:        FreeBSD 5.0-CURRENT, 4.x and 3.x prior to the correction date.
> > Corrected:      Problem 1: 2000-08-06 (FreeBSD 5.0-CURRENT)
> >                            2000-08-22 (FreeBSD 4.1-STABLE)
> >                            2000-09-07 (FreeBSD 3.5-STABLE)
> >                 Problem 2: 2000-09-08 (FreeBSD 5.0-CURRENT, 4.1-STABLE and
> >                            3.5-STABLE)
> <..>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message