On Tue, Dec 01, 2009 at 06:04:05PM +0700, ~Lst wrote:> Hello all,
>
> What d'you think about this ?
> http://seclists.org/fulldisclosure/2009/Nov/371
Are you actually asking for an opinions of a security hole, or are you
just trying to bring it to our attention? An official statement was
already issued to freebsd-security about 10 hours ago:
http://lists.freebsd.org/pipermail/freebsd-security/2009-December/005369.html
The mentioned patch is for src/libexec/rtld-elf/rtld.c (since full paths
aren't present in the patch file).
Mentioned patch has already been committed to the HEAD (CURRENT),
RELENG_7, and RELENG_8 branches approximately 8.75 hours ago, with the
note "Advisory coming soon":
http://www.freebsd.org/cgi/cvsweb.cgi/src/libexec/rtld-elf/rtld.c
--
| Jeremy Chadwick jdc@parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |