Re: freebsd-update and portsnap users still at risk of compromise

2016-08-10 Thread Julian Elischer
On 11/08/2016 1:11 AM, Mail Lists via freebsd-security wrote: sorry but this is blabla and does not come even near to answering the real problem: It appears that freebsd and the US-government is more connected that some of us might like: Not publishing security issues concerning update

Re[2]: freebsd-update and portsnap users still at risk of compromise

2016-08-10 Thread Mail Lists via freebsd-security
sorry but this is bullshit and does not come even near to answering the real problem: It appears that freebsd and the US-government is more connected that some of us might like: Not publishing security issues concerning update mechanisms - we all can think WHY freebsd is not eager on this

Re[2]: freebsd-update and portsnap users still at risk of compromise

2016-08-10 Thread Mail Lists via freebsd-security
sorry but this is blabla and does not come even near to answering the real problem: It appears that freebsd and the US-government is more connected that some of us might like: Not publishing security issues concerning update mechanisms - we all can think WHY freebsd is not eager on this

Re: freebsd-update and portsnap users still at risk of compromise

2016-08-10 Thread RW via freebsd-security
On Fri, 29 Jul 2016 03:49:39 + Martin Schroeder wrote: > I've been analyzing the document extensively since then. The targets > are as follows: > > [1] portsnap via portsnap vulnerabilities > [2] portsnap via libarchive & tar anti-sandboxing vulnerabilities > [3] portsnap via bspatch

Re: freebsd-update and portsnap users still at risk of compromise

2016-08-10 Thread Shawn Webb
On Wed, Aug 10, 2016 at 09:50:37AM +0100, Big Lebowski wrote: > On Tue, Aug 9, 2016 at 9:21 PM, Matthew Donovan > wrote: > > > You mean operating system as distribution is a Linux term. There's not much > > different between HARDENEDBSD and FreeBSD besides that HardenedBSD

Re: freebsd-update and portsnap users still at risk of compromise

2016-08-10 Thread Franco Fichtner
> On 10 Aug 2016, at 10:50 AM, Big Lebowski wrote: > > With all due respect :) Not really. Feel free to try again. ___ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To

Re: freebsd-update and portsnap users still at risk of compromise

2016-08-10 Thread Big Lebowski
On Tue, Aug 9, 2016 at 9:21 PM, Matthew Donovan wrote: > You mean operating system as distribution is a Linux term. There's not much > different between HARDENEDBSD and FreeBSD besides that HardenedBSD fixes > vulnerabilities and has a an excellent ASLR system compared to