From owner-freebsd-security Mon Nov 20 19: 6:55 2000 Delivered-To: freebsd-security@freebsd.org Received: from giganda.komkon.org (giganda.komkon.org [209.125.17.66]) by hub.freebsd.org (Postfix) with ESMTP id 6A34637B4C5; Mon, 20 Nov 2000 19:06:51 -0800 (PST) Received: (from root@localhost) by giganda.komkon.org (8.9.3/8.9.3) id WAA74232; Mon, 20 Nov 2000 22:06:45 -0500 (EST) (envelope-from str) Date: Mon, 20 Nov 2000 22:06:45 -0500 (EST) From: Igor Roshchin Message-Id: <200011210306.WAA74232@giganda.komkon.org> To: security-officer@freebsd.org, security@freebsd.org Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:76.tcsh-csh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > From: FreeBSD Security Advisories > Subject: FreeBSD Security Advisory: FreeBSD-SA-00:76.tcsh-csh > Date: Mon, 20 Nov 2000 14:01:11 -0800 (PST) > > -----BEGIN PGP SIGNED MESSAGE----- > > ============================================================================= > FreeBSD-SA-00:76 Security Advisory > FreeBSD, Inc. > > Topic: tcsh/csh creates insecure temporary file > <..> > > 2) Deinstall the old package and install a new package dated after the > correction date, obtained from: > > [tcsh] > > ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/shells/tcsh-6.09.03_1.tgz > ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/shells/tcsh-6.09.03_1.tgz > ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/shells/tcsh-6.09.03_1.tgz > ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/shells/tcsh-6.09.03_1.tgz > ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/shells/tcsh-6.09.03_1.tgz > <..> In 3-stable (on ftp.freebsd.org) I find: -rw-r--r-- 1 569 207 257477 Nov 18 15:16 ../All/tcsh-6.09.03.tgz Is it an updated version, or not ? The date is close, but the number is different, although the package has a date stamp when the problem was known (and fixed in some parts of the system) > Corrected: 2000-11-04 (FreeBSD 4.1.1-STABLE) > 2000-11-05 (FreeBSD 3.5.1-STABLE) > 2000-11-09 (44bsd-csh port) > 2000-11-19 (tcsh port) Similar situation is for 4-stable: > dir ../All/tcsh* -rw-r--r-- 1 569 207 1342 Nov 6 02:20 ../All/tcsh-6.09.03.tgz /.0/FreeBSD/ports/i386/packages-4-stable/shells freebsd> So, it is not completely clear if the packages are updated yet, or not. ( I hope I didn't miss the phrase that the packages might not be ready yet this time) Igor To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message