From owner-freebsd-security Wed Oct 4 10:23:40 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 3F8A937B502 for ; Wed, 4 Oct 2000 10:23:32 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.0/8.11.0) with ESMTP id e94HNSM16336; Wed, 4 Oct 2000 11:23:28 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id LAA37682; Wed, 4 Oct 2000 11:23:26 -0600 (MDT) Message-Id: <200010041723.LAA37682@harmony.village.org> To: Tim Yardley Subject: Re: Fwd: BSD chpass Cc: Mike Silbersack , freebsd-security@FreeBSD.ORG In-reply-to: Your message of "Wed, 04 Oct 2000 01:18:25 CDT." <5.0.0.25.2.20001004011552.02eee900@students.uiuc.edu> References: <5.0.0.25.2.20001004011552.02eee900@students.uiuc.edu> Date: Wed, 04 Oct 2000 11:23:26 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <5.0.0.25.2.20001004011552.02eee900@students.uiuc.edu> Tim Yardley writes: : I would just like to point out that it was posted to bugtraq because the : original work in progress exploit was leaked. Venders are always notified : once you have something that works, and caddis is not in exception to this : rule. The leak caused this bug to be posted before it was meant to be. If : you do notice, obsd posted an advisory right after, which does show that at : least some people were in the "know". We had rumblings of this on the SO list at about 3pm or so yesterday, but that was from the OpenBSD folks wanting to know what versions were vulnerable. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message