Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 20 Nov 2000 22:06:45 -0500 (EST)
From:      Igor Roshchin <str@giganda.komkon.org>
To:        security-officer@freebsd.org, security@freebsd.org
Subject:   Re: FreeBSD Security Advisory: FreeBSD-SA-00:76.tcsh-csh
Message-ID:  <200011210306.WAA74232@giganda.komkon.org>
next in thread | raw e-mail | index | archive | help 

> From: FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>
> Subject: FreeBSD Security Advisory: FreeBSD-SA-00:76.tcsh-csh
> Date: Mon, 20 Nov 2000 14:01:11 -0800 (PST)
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> =============================================================================
> FreeBSD-SA-00:76                                            Security Advisory
>                                                                 FreeBSD, Inc.
>
> Topic:          tcsh/csh creates insecure temporary file
>

<..>


>
> 2) Deinstall the old package and install a new package dated after the
> correction date, obtained from:
>
> [tcsh]
>
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/shells/tcsh-6.09.03_1.tgz
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/shells/tcsh-6.09.03_1.tgz
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/shells/tcsh-6.09.03_1.tgz
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/shells/tcsh-6.09.03_1.tgz
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/shells/tcsh-6.09.03_1.tgz
>

<..>

In 3-stable (on ftp.freebsd.org) I find:
-rw-r--r--  1 569  207  257477 Nov 18 15:16 ../All/tcsh-6.09.03.tgz

Is it an updated version, or not ?
The date is close, but the number is different,
although the package has a date stamp when the problem was known
(and fixed in some parts of the system)

> Corrected:      2000-11-04 (FreeBSD 4.1.1-STABLE)
>                 2000-11-05 (FreeBSD 3.5.1-STABLE)
>                 2000-11-09 (44bsd-csh port)
>                 2000-11-19 (tcsh port)



Similar situation is for 4-stable:

> dir ../All/tcsh*

-rw-r--r--  1 569  207  1342 Nov  6 02:20 ../All/tcsh-6.09.03.tgz
                                 /.0/FreeBSD/ports/i386/packages-4-stable/shells
freebsd> 


So, it is not completely clear if the packages are updated yet, or not.
( I hope I didn't miss the phrase that the packages might not be ready yet
this time)

Igor



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200011210306.WAA74232>