Date: Mon, 25 Nov 1996 19:19:39 PST From: Bill Fenner <fenner@parc.xerox.com> To: security-officer@freebsd.org Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-96:18.lpr Message-ID: <96Nov25.191950pst.177711@crevenia.parc.xerox.com> In-Reply-To: Your message of "Mon, 25 Nov 1996 14:00:00 PST." <199611252218.XAA11972@gvr.win.tue.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <199611252218.XAA11972@gvr.win.tue.nl> security-officer wrote: >Affects: FreeBSD 2.* >Corrected: FreeBSD-current as of 1996/10/27 > FreeBSD-stable as of 1996/11/01 Shouldn't this be something more like Affects: FreeBSD 2.0, 2.0.5, 2.1, 2.1.5 Corrected: FreeBSD-current as of 1996/10/27 FreeBSD-stable as of 1996/11/01 FreeBSD 2.2 and 2.1.6 releases or something? The timing of the advisory and the statement "FreeBSD 2.*" implies that 2.1.6 is affected, while the CVS tree says that the fix was in 2.1.6 . Yes, if you know that 2.1.6 was based on FreeBSD-stable and was released after 1996/11/01, then you can derive the same information, but why not make it explicit? (Especially for the person who is browsing the security advisories next year and comes across this one... "oh, shoot, 2.2 is affected"...) Bill
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?96Nov25.191950pst.177711>