On 2007.11.29 18:00:38 +0000, Alexey Dokuchaev wrote: > On Thu, Nov 29, 2007 at 04:08:54PM +0000, Simon L. Nielsen wrote: > > simon 2007-11-29 16:08:54 UTC > > > > FreeBSD src repository > > > > Modified files: (Branch: RELENG_5) > > contrib/tar/src misc.c > > sys/dev/random yarrow.c > > Log: > > Correct a random value disclosure in random(4). [07:09] > > > > Correct a gtar directory traversal vulnerability. [07:10] > > > > Security: FreeBSD-SA-07:09.random > > Security: FreeBSD-SA-07:10.gtar > > Is 4.x vulnerable?
For gtar, very likely. For random(4) I don't know - it's likely it has older random code which isn't affected (at least I seem to recall it was different).. > Is it going to be fixed? I can test patches. :-) I and secteam have no plans to fix it, but if someone wants to fix it in RELENG_4 we don't have any problems with that. -- Simon L. Nielsen _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "[EMAIL PROTECTED]"
