On Fri, Sep 26, 2003 at 12:28:07PM -0400, Bill Moran wrote:
> Hey,
> I'm a bit confused, and it may just be a typo.
> I recently updated a bunch of servers to patch the arp problem recently
> announced:
> ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03%3A14.arp.asc
> Now, with the chaos in my life, plus getting physically ill during the last
> few days, I've not been 100% sure I finished the upgrade on all these 
> machines,
> so I went around checking uname -a to make sure.
> Every single machine I upgraded says 4.8-RELEASE-p5
> Now, the security advisory claims the problem is fixed in 4.8-RELEASE-p10.
> I know that I completely updated at least _some_ of these machines ;)
> Anyway.  Is there a typo somewhere?  Or am I misunderstanding the
> bulliten?

It depends on how you obtained the updated source code.  If you used
cvsup(1) to track the RELENG_4_8 branch, then you would have received
inter-alia patches to sys/conf/newvers.sh and other files that control
what the system says it's version number is.

If you downloaded patches as detailed in the various security
advisories, or if you compiled the patched code areas in detail,
rather than running a general build and install, then you will
generally have solved the security holes addressed by the advisories
but you probably won't have updated the system version numbers.

That's basically because the patch files supplied with security
advisories address nothing but the problem at hand, in order that they
can be applied to as many different system versions as possible.



Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to