On Mon, Jul 01, 2002 at 12:14:00PM -0600, Brett Glass wrote:
> At 11:53 AM 7/1/2002, Jacques A. Vidrine wrote:
>
> >No, I'm afraid not. libc.so.3 will not be rebuilt in the usual sense
> >of the word, thus leaving binaries that link against it vulnerable.
>
> In that case, has the binary package including it been taken offline?

No.

> It's unethical to leave it where it might be downloaded.

Gee, I guess we better get cracking to take offline every previous
version of libc, too --- which would mean every version of FreeBSD and
who knows what else. Hmm, and any applications that may have been
statically linked with any of them.

How about you help out by enumerating every copy on the Internet,
along with contact information for each? That would be much
appreciated. Thanks.

-- 
Jacques A. Vidrine <nnectar.cc>                 http://www.nectar.cc/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrineverio.net     .  nectarFreeBSD.org  .          nectarkth.se
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]