Re: another TCPDump update question

From: Jacques A. Vidrine (nectarFreeBSD.org)
Date: Mon Mar 24 2003 - 10:00:20 CST


On Mon, Mar 24, 2003 at 09:30:21AM -0600, D J Hawkey Jr wrote:
> On Mar 24, at 09:14 AM, Jacques A. Vidrine wrote:
> > You didn't miss anything. There won't be a security advisory for this
> > issue.
>
> No?
>
> Without insulting anyone, may I ask why not? tcpdump is included in the
> base/standard OS, after all, and so is libpcap, which appears to be related.
>
> IIRC, there have been SAs for DOS vulnerabilities before. What or where
> is the line for what is or is not eligible for a SA?

Well, there are no hard-n-fast rules. It's a judgement call. We
generally limit SAs to those issues that we deem `important', so as
not to devalue them. (c.f. The Boy Who Cried Wolf)

You're right: there have been SAs for remote DoSs before. In this
case, both the circumstances that could lead to this remote DoS, and
especially the impact of the bug are so minimal as to not be worth
updating your system.

Cheers,
--
Jacques A. Vidrine <nectarcelabo.org> http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrineverio.net . nectarFreeBSD.org . nectarkth.se
