From owner-freebsd-security Wed Sep 27 13: 1:30 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 664A337B422; Wed, 27 Sep 2000 13:01:25 -0700 (PDT) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id NAA85139; Wed, 27 Sep 2000 13:01:25 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Wed, 27 Sep 2000 13:01:25 -0700 (PDT) From: Kris Kennaway To: sigma@pair.com Cc: freebsd-security@freebsd.org, green@Freebsd.org Subject: Re: Status of FreeBSD-SA-00:41.elf? In-Reply-To: <20000927182443.7666.qmail@smx.pair.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 27 Sep 2000 sigma@pair.com wrote: > The following advisory went out on August 28, 2000. It indicates that 4.x > and 5.x are fixed, and implies that a fix for 3.x would be forthcoming. > We actually delayed the rollout of 3.5-STABLE for our users based on this > advisory. A month has passed, and I can't find any discussion of this > issue, nor any hint as to what the "logistical difficulties" are that the > advisory mentions. The issue is that most FreeBSD developers do not have a 3.5 machine available for testing - BSDi were supposed to be setting up one for us to use but it has not yet come through. This makes it very hard to test security fixes to the 3.5 branch so we don't break it by just committing blindly (in fact, I think we should officially drop security support for the 3.x branch because in practise it's not being supported for security fixes). I believe the problem is still not fixed in 3.5-STABLE at this time. Brian Feldman is the person who committed the original fixes - you should talk to him about testing the fix, and based on that we can commit it to 3.5-STABLE. Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message