Date: Mon, 24 Mar 2003 10:00:20 -0600 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: D J Hawkey Jr <hawkeyd@visi.com> Cc: twig les <twigles@yahoo.com>, freebsd-security@FreeBSD.ORG Subject: Re: another TCPDump update question Message-ID: <20030324160020.GA1911@madman.celabo.org> In-Reply-To: <20030324093021.A8296@sheol.localdomain> References: <20030311231326.82217.qmail@web10107.mail.yahoo.com> <20030324151410.GE94153@madman.celabo.org> <20030324093021.A8296@sheol.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Mar 24, 2003 at 09:30:21AM -0600, D J Hawkey Jr wrote: > On Mar 24, at 09:14 AM, Jacques A. Vidrine wrote: > > You didn't miss anything. There won't be a security advisory for this > > issue. > > No? > > Without insulting anyone, may I ask why not? tcpdump is included in the > base/standard OS, afterall, and so is libpcap, which appears to be related. > > IIRC, there have been SAs for DOS vulnerabilities before. What or where > is the line for what is or is not eligible for a SA? Well, there are no hard-n-fast rules. It's a judgement call. We generally limit SAs to those issues that we deem `important', so as not to devalue them. (c.f. The Boy Who Cried Wolf) You're right: there have been SAs for remote DoSs before. In this case, both the cirumstances that could lead to this remote DoS, and especially the impact of the bug are so minimal as to not be worth updating your system. Cheers, -- Jacques A. Vidrine <nectar@celabo.org> http://www.celabo.org/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030324160020.GA1911>