From owner-freebsd-security@FreeBSD.ORG Fri Apr 11 14:42:49 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 38773FC8 for ; Fri, 11 Apr 2014 14:42:49 +0000 (UTC) Received: from lyra.its.uu.se (lyra.its.uu.se [130.238.7.73]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E0B4A131B for ; Fri, 11 Apr 2014 14:42:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at uu.se X-DKIM: Sendmail DKIM Filter v2.8.3 lyra.its.uu.se 0E6E3E80EF DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=uu.se; s=centralsmtp; t=1397226894; i=@uu.se; bh=eQn7WTB9QHaupX95tKPDcyp6dCEiJVs0AmDcQ92ramc=; h=Message-ID:Date:From:To:Cc:Subject:References:In-Reply-To: MIME-Version:Content-Type:Content-Transfer-Encoding; b=jrxkpd4fgVmmz0onLn2HGr+C/uw49ekqQA9pxU6YMvyFxhStB79OeP6UUvmzAKi1V nGqQDCd1U62ThbrtyhPcjg5h3gFrfQEbaHWhb4kjJD2Bz9NA3cDl1C9zOm9NmQiDLu WInaMXfoTZzifE+2yX6XC/FiQ7qwMN/8wRw1JHuY= Received: from caligata.its.uu.se (caligata.its.uu.se [130.238.7.81]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by lyra.its.uu.se (Postfix) with ESMTPS id 0E6E3E80EF; Fri, 11 Apr 2014 16:34:54 +0200 (CEST) Received: from jubula (localhost.localdomain [127.0.0.1]) by caligata.its.uu.se (8.13.8/8.13.8) with ESMTP id s3BEYr8d029582; Fri, 11 Apr 2014 16:34:53 +0200 Received: from h-197-74.a213.corp.bahnhof.se (h-197-74.a213.corp.bahnhof.se [85.24.197.74]) by webmail.uu.se (Horde Framework) with HTTP; Fri, 11 Apr 2014 16:34:53 +0200 Message-ID: <20140411163453.10305uc2u7ijvcst@webmail.uu.se> Date: Fri, 11 Apr 2014 16:34:53 +0200 From: Erik Trulsson To: sbremal@hotmail.com Subject: RE: CVE-2014-0160? References: , , , In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; DelSp="Yes"; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: 7bit User-Agent: Internet Messaging Program (IMP) H3 (4.3.9) X-Mailman-Approved-At: Fri, 11 Apr 2014 16:38:43 +0000 Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Apr 2014 14:42:49 -0000 Quoting sbremal@hotmail.com: > I receive daily email from the host which normally shows port audits > and vulnerabilities. However, I did not sport anything related to > CVE-2014-0160 in this email. I expected the same info comes in this > email about the base system as well. > > How do you normally inform about recent vulnerability in the base > system? (I believe newspaper and TV is not the best way...) No, the port audit system does not cover base system vulnerabilities. Security advisories regarding the base systems are supposed to be sent by e-mail to the following mailing lists: FreeBSD-security-notifications@FreeBSD.org FreeBSD-security@FreeBSD.org FreeBSD-announce@FreeBSD.org Personally I would recommend all FreeBSD users to subscribe to the freebsd-announce list at least.