On May 19, 2005, at 5:53 AM, Christian Brueffer wrote:> Hi, > > fixes for the vulnerability described in http://www.kb.cert.org/ > vuls/id/637934 > were checked in to CURRENT and RELENG_5 by ps in April. > > http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c > > Revisions 1.270 and 1.252.2.16 > > He didn't commit it to RELENG_5_4 for some reason, so 5.4 shipped with > it. > > My guess is that he didn't notify you guys either. > > I stumbled upon this through a Heise News article at > http://www.heise.de/newsticker/meldung/59672. Sent them an update > about > the fixed branches, but they'd like to know why this wasn't > communicated > back to US-CERT yadda yadda yadda.Thanks, Christian. No, ps@ didn't point it out. It gets a little confusing too, since I see that the work was submitted by multiple folks, one of which reported another related vulnerability to us on May 18 (7 days after that commit). Now to try to untangle what is what ... -- Jacques A Vidrine / NTT/Verio nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20050523/056ac310/PGP.bin
Jacques Vidrine wrote:> > On May 19, 2005, at 5:53 AM, Christian Brueffer wrote: > >> fixes for the vulnerability described in http://www.kb.cert.org/ >> vuls/id/637934 >> were checked in to CURRENT and RELENG_5 by ps in April. >> >> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c >> >> Revisions 1.270 and 1.252.2.16 >> >> He didn't commit it to RELENG_5_4 for some reason, so 5.4 shipped with >> it. >> >> My guess is that he didn't notify you guys either. >> >> I stumbled upon this through a Heise News article at >> http://www.heise.de/newsticker/meldung/59672. Sent them an update about >> the fixed branches, but they'd like to know why this wasn't communicated >> back to US-CERT yadda yadda yadda. > > Thanks, Christian. No, ps@ didn't point it out. It gets a little > confusing too, since I see that the work was submitted by multiple > folks, one of which reported another related vulnerability to us on May > 18 (7 days after that commit). Now to try to untangle what is what ...My boss asked me to check on whether this problem was fixed for FreeBSD 4.10. I didn't see any advisories related to this, and FreeBSD is still showing as vulnerable on the CERT web site. It doesn't look like a fix for this has been committed to any of the 4.X branches. Any word on this? Thanks for the help. Richard Coleman rcoleman@criticalmagic.com