Date: Sun, 05 Sep 1999 20:27:13 -0600 From: Warner Losh <imp@village.org> To: spork <spork@super-g.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Security Alerts Message-ID: <199909060227.UAA01416@harmony.village.org> In-Reply-To: Your message of "Fri, 03 Sep 1999 13:44:42 EDT." <Pine.BSF.4.00.9909031337390.18803-100000@super-g.inch.com> References: <Pine.BSF.4.00.9909031337390.18803-100000@super-g.inch.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <Pine.BSF.4.00.9909031337390.18803-100000@super-g.inch.com> spork writes: : I've been reading bugtraq more often that this list (2500 messages in this : box..) and following a few FBSD exploits there (/etc/security / fts, the : mbuf DoS) and also a few where it's unclear as to whether FBSD is affected : (libtermcap, wu-ftpd, proftpd). The security officer handles this. Some advisories have been issued, more to follow. We don't issue advisories for problems that don't impact us. This means there will be no libtermcap nor cron because FreeBSD is not vulnerable to those exploits. : So what I'm wondering is whether the project is in need of someone to : digest, discuss, and regurgitate some of these things into security : advisories. I personally can appreciate the fact that an ordinary user or : admin might not be able to follow every bug that comes up on bugtraq or on : this list, and the idea of a central repository on the FreeBSD webpage : that is kept up to date and includes third-party software (esp. if it's in : common use, like wu) seems like a good one. Yes. It is an excellent idea. I'm looking for ways to help in advising on third party software used with freebsd, like wuftpd. : So I'm volunteering to write this stuff up, all I need is the go-ahead : from someone... Send me something privately and I'll let you know if you are on the right track. Warner FreeBSD Security Officer To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909060227.UAA01416>