From owner-freebsd-stable  Thu Mar 21 23:43:31 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from zoon.lafn.org (zoon.lafn.org [206.117.18.9])
	by hub.freebsd.org (Postfix) with ESMTP id D363E37B419
	for <stable@FreeBSD.ORG>; Thu, 21 Mar 2002 23:43:28 -0800 (PST)
Received: from [10.0.1.90] (66-81-26-250-modem.o1.com [66.81.26.250])
	by zoon.lafn.org (8.11.3/8.11.3) with ESMTP id g2M7hQo15989;
	Thu, 21 Mar 2002 23:43:27 -0800 (PST)
	(envelope-from bc979@lafn.org)
Mime-Version: 1.0
X-Sender: bc979@mail.lafn.org
Message-Id: <f05100324b8c0906ea0be@[10.0.1.90]>
In-Reply-To: <20020319083437.Y75778-100000@twirl.bitdance.com>
References: <20020319083437.Y75778-100000@twirl.bitdance.com>
Date: Thu, 21 Mar 2002 23:42:53 -0800
To: "R. David Murray" <bitz@bitdance.com>
From: Doug Hardie <bc979@lafn.org>
Subject: Re: Security Bulletins and Related Updates
Cc: stable@FreeBSD.ORG
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

At 8:38 -0500 3/19/02, R. David Murray wrote:
>On Mon, 18 Mar 2002, Doug Hardie wrote:
>>  I recently received 2 security bulletins dealing with security issues
>>  in the releases.  These last two did not include updates for
>>  4.3-RELENG.  The first one was a very simple patch that obviously was
>>  fine with the 4.3 sources.  That was easily updated.  This last one
>>  with zlib double-free is not as simple or obvious.
>
>Someone may want to address your point in general, but as for
>the zlib patch, quoting from the security advisory:
>
>"This patch has been verified to apply to all FreeBSD 4.x versions."
>
>Are you saying this was not true?
>
>--RDM

I did see that, but with a  number of systems to maintain, I really 
like having the source on one and using it to update the others. 
That way if I do need to replace a system, its a straight forward 
install from the master system.  Keeping track of patches is quite 
difficult.  However, as was pointed on in another message, I did miss 
the source update for 4.3 in the last security notice.  Its there 
twice and I missed both.
-- 
-- Doug

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message