oss-sec mailing list archives
Re: FreeBSD: URGENT: RNG broken for last 4 months
From: cve-assign () mitre org
Date: Wed, 18 Feb 2015 23:03:41 -0500 (EST)
> If you are running a current kernel r273872 or later, please upgrade
Our perspective at this point is that FreeBSD-CURRENT is not a "software product" and typically should not have CVE assignments. If anyone on the FreeBSD Security Officer Team believes that this, for whatever reason, is a case where FreeBSD-CURRENT should have a CVE, we are willing to go with their preference.
> quite a few people run -current (and it's a 4 month affected window), so if we're assigning CVE's to stuff hosted in github, then it seems fair
A project on github can be a software product if the developers choose to use github that way. FreeBSD-CURRENT is, for example, advertised as "any given commit is just as likely to introduce new bugs as to fix existing ones" (https://www.freebsd.org/doc/en/books/handbook/current-stable.html). The defined use cases for FreeBSD-CURRENT don't suggest that it has any expected behavior, security-wise or otherwise: it is just a point in the development process. Also, we don't happen to know of situations where third parties repackage and support FreeBSD-CURRENT code (e.g., as the embedded OS of an appliance).

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]