From owner-freebsd-security@FreeBSD.ORG  Wed Apr 20 18:57:42 2011
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id CA94D106564A
	for <freebsd-security@freebsd.org>;
	Wed, 20 Apr 2011 18:57:42 +0000 (UTC)
	(envelope-from rsimmons0@gmail.com)
Received: from mail-yi0-f54.google.com (mail-yi0-f54.google.com
	[209.85.218.54])
	by mx1.freebsd.org (Postfix) with ESMTP id 851E18FC1E
	for <freebsd-security@freebsd.org>;
	Wed, 20 Apr 2011 18:57:42 +0000 (UTC)
Received: by yie12 with SMTP id 12so380190yie.13
	for <freebsd-security@freebsd.org>;
	Wed, 20 Apr 2011 11:57:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:mime-version:in-reply-to:references:date
	:message-id:subject:from:to:cc:content-type;
	bh=1ROBl6JzpO16gMxu4CxVBE84llG1OWriBgv+AODBdbY=;
	b=Z2ws52hd5NtD9SivgpyHfcvVOwvp7lBfkVGuWu30VS1an6j+jjxS6OdCh7qTZ8z/ik
	MW6pCEgKRWMuRz5/E/z71SVv9oc2gWt9b9THU8Nb/cPLTAtxVpK7Bnk/VevZ8CiHko/z
	12sy43LgWIPDzw+N6CcDkRXDBb8OcPkHfmroE=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type;
	b=cYHOAHCwoA4vJ0DzotLxTFh48ckCeOZInWCjpg7ieAZM4ym0pDMH3qzXch6DddU7sL
	cKA+rpgnT7NqWCrfEHkxGQp58V7QJyzGFNcs/xLTKHe2Ktm9YKbrtKt2ednP6eRoAgLU
	iC4lJkulgGPyuutiGKYwn6GnAHB5zbarZ/vFs=
MIME-Version: 1.0
Received: by 10.150.229.3 with SMTP id b3mr6339818ybh.302.1303325861772; Wed,
	20 Apr 2011 11:57:41 -0700 (PDT)
Received: by 10.100.57.9 with HTTP; Wed, 20 Apr 2011 11:57:41 -0700 (PDT)
In-Reply-To: <20110420093127.3437c7bd@mr12941>
References: <F33ACEB2-3E7D-4965-9382-74F2C0C498A3@mac.com>
	<425B4657-A217-404E-8BC2-74BF3039002C@mac.com>
	<20110420093127.3437c7bd@mr12941>
Date: Wed, 20 Apr 2011 14:57:41 -0400
Message-ID: <BANLkTinoeXTHO2FJYssLWqHFpzzAAJDQVQ@mail.gmail.com>
From: Robert Simmons <rsimmons0@gmail.com>
To: Patrick Lamaiziere <patfbsd@davenulle.org>
Content-Type: text/plain; charset=ISO-8859-1
Cc: freebsd-security@freebsd.org
Subject: Re: dhclient and CVE-2011-0997...?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Apr 2011 18:57:42 -0000

On Wed, Apr 20, 2011 at 3:31 AM, Patrick Lamaiziere
<patfbsd@davenulle.org> wrote:
> FreeBSD uses the OpenBSD dhclient, not the ISC one.

Correct me if I'm wrong, but the OpenBSD dhclient is a modified
version of the ISC one.  At least that is what the first few comments
that contain ISC's license at the top if the source code file seem to
say:
" * Copyright (c) 1995, 1996, 1997, 1998, 1999
 * The Internet Software Consortium.    All rights reserved."

Is the most recent bug in dhclient one of the ones that was fixed in
OpenBSD 7 years ago the way many security bugs are?

Rob