Bugtraq mailing list archives
Re: FreeBSD Security Advisory: FreeBSD-SA-00:62.top [REISSUED]
From: Warner Losh <imp () VILLAGE ORG>
Date: Tue, 7 Nov 2000 13:45:08 -0700
In message <Pine.BSO.4.21.0011071255400.30141-100000 () new wiretapped net> vort-fu writes: : ps. This was sent to the openbsd team, and patched, a month or so ago. How : can the freebsd team justify the lateness in applying their patch : (especially considering that they felt it was exploitable)? Is this a retorical question, or have you stopped beating your wife? I fixed top in the first place on October 4, the same day that OpenBSD fixed their top. I thought I had fixed all of the places where it was wrong. I missed one. On November 3 I got a bug report that I had missed it and within an hour I'd committed a change. We didn't hold anything back on purpose. I don't know if it is exploitable or not. It was felt that it would be better to release an advisory just to make sure people updated in case someone who is very clever in the future can create an exploit. As near as I can tell from my security-officer () freebsd org archive, you didn't try to inform us about the hole directly. We would welcome you letting us know in the future at the same time as you let OpenBSD know. Warner
Current thread:
- FreeBSD Security Advisory: FreeBSD-SA-00:62.top [REISSUED] FreeBSD Security Advisories (Nov 07)
- <Possible follow-ups>
- Re: FreeBSD Security Advisory: FreeBSD-SA-00:62.top [REISSUED] vort-fu (Nov 08)
- Re: FreeBSD Security Advisory: FreeBSD-SA-00:62.top [REISSUED] Kris Kennaway (Nov 08)
- Re: FreeBSD Security Advisory: FreeBSD-SA-00:62.top [REISSUED] Warner Losh (Nov 09)