Date: Tue, 11 Mar 2003 12:22:05 -0600 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: David O'Brien <obrien@FreeBSD.org> Cc: Christopher Schulte <schulte+freebsd@nospam.schulte.org>, Guy Poizat <guy@device.dyndns.org>, freebsd-security@FreeBSD.org Subject: Re: Prov. patch for the file hole ISS disclosed Message-ID: <20030311182205.GA57362@madman.celabo.org> In-Reply-To: <20030311181452.GA59655@dragon.nuxi.com> References: <200303061415.h26EFlhD004317@device.dyndns.org> <200303061415.h26EFlhD004317@device.dyndns.org> <5.2.0.9.2.20030311113159.0386fea0@localhost> <20030311174126.GA57179@madman.celabo.org> <20030311181452.GA59655@dragon.nuxi.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Mar 11, 2003 at 10:14:52AM -0800, David O'Brien wrote: > On Tue, Mar 11, 2003 at 11:41:27AM -0600, Jacques A. Vidrine wrote: > > On Tue, Mar 11, 2003 at 11:34:40AM -0600, Christopher Schulte wrote: > > > I think this should be merged into the security branches, > > > due to possible remote exploit by third party programs that > > > use file, such as (at the very least) amavis. > > > > I tend to agree. > > > > David? > > Up to you. I'm going to do an MFC for 4.8. Good, thanks! > I am not very well setup to > test the security branches. Oops, I didn't read very carefully. I was talking about -STABLE only. > Do you want me to just MFC exactly what I > committed to 5-CURRENT to the 5_0 branch (it should Just Work). Same for > the 4_7 branch. No, I do not wish the new `file' to be merged into the security branches. Cheers, -- Jacques A. Vidrine <nectar@celabo.org> http://www.celabo.org/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030311182205.GA57362>