From: Dima Dorfman (dimaunixfreak.org)
Date: Wed Jul 11 2001 - 17:48:52 CDT

    Kris Kennaway <krisobsecurity.org> writes:
    > On Wed, Jul 11, 2001 at 10:46:09AM -0500, Jacques A. Vidrine wrote:
    > > On Tue, Jul 10, 2001 at 06:59:57PM -0700, Dima Dorfman wrote:
    > > > Jason DiCioccio <jdicioccioepylon.com> writes:
    > > > > So then I'm guessing this has been 3.5-STABLE is not vulnerable?
    > > > > Just want to be sure :-)
    > > >
    > > > What makes you say that? The necessary fix isn't present in RELENG_3,
    > > > and I doubt that there's something else which hides the issue.
    > >
    > > I haven't double-checked, but it looks like this bug was enabled by
    > > revision 1.54 of src/sys/kern/kern_fork.c (allowing shared signal
    > > handlers with rfork). That would include 3.1-RELEASE and all
    > > following releases.
    >
    > As was announced several months ago, we are no longer requiring
    > security fixes for locally exploitable vulnerabilities under RELENG_3,
    > only network-exploitable vulnerabilities.

    Right, I saw the announcement and totally agree with it; you have
    enough work to do as it is. Does this mean, however, that individual
    developers or contributors can't fix the holes after the advisory?
    I.e., is there any reason why I shouldn't apply the patch to RELENG_3?

                                            Dima Dorfman
                                            dimaunixfreak.org
