Date: Wed, 01 Dec 1999 11:54:08 -0700 From: Wes Peters <wes@softweyr.com> To: Bill Swingle <unfurl@dub.net> Cc: security@FreeBSD.ORG, Jordan Hubbard <jkh@FreeBSD.ORG> Subject: Re: [btellier@USA.NET: Several FreeBSD-3.3 vulnerabilities] Message-ID: <38456ED0.D25139C7@softweyr.com> References: <19991201093242.A71817@dub.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Bill Swingle wrote:
>
> Ok, so I know these are all vulnerabilities in third party software, and
> that the actual problem with each program is not really ours to fix but
> each of these problems can be avoided with small changes to the
> respective ports.
>
> FreeBSD vulnerabilities are few and far between, and even fewer are
> published on Bugtraq. Having something as simple as this get past us is
> really embarassing. It says to the security community at large that
> we're not even concerned enough with security to fix these small holes.
> We all know that's not true.
>
> I'm not sure who dropped the ball here, and I'm not pointing fingers. I
> just hope that we can pull together in the future to avoid more of this.
Before we go hopping around yammering about "not caring about security" or
"dropping the ball" it might be effective to ask "has anyone ever reported
these problems before?" *I* haven't seen any of them reported, and I've
been on this mail list for 3 or 4 years.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
wes@softweyr.com http://softweyr.com/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?38456ED0.D25139C7>