Re: Missing patch and security announce

2006-01-26 Thread Rob W
From: Ted Unangst [EMAIL PROTECTED] To: Rob W [EMAIL PROTECTED] CC: misc@openbsd.org Subject: Re: Missing patch and security announce Date: Wed, 25 Jan 2006 10:25:08 -0800 it's a minor issue. On 1/25/06, Rob W [EMAIL PROTECTED] wrote: See http://docs.freebsd.org/cgi/mid.cgi?200601251013

Re: Missing patch and security announce

2006-01-26 Thread Rob W
What about http://www.securityfocus.com/bid/16375 _ Ta' pe udsalg eret rundt pe MSN Shopping: http://shopping.msn.dk - her finder du altid de bedste priser

Re: Missing patch and security announce

2006-01-26 Thread Rob W
What about http://www.securityfocus.com/columnists/380 _ Find dine dokumenter lettere med MSN Toolbar med Windows-pc-sxgning: http://toolbar.msn.dk

Re: Missing patch and security announce

2006-01-26 Thread Claudio Jeker
On Thu, Jan 26, 2006 at 01:51:48PM +0100, Rob W wrote: What about http://www.securityfocus.com/columnists/380 Oh please! Could we please stop this immutable files (non-)issue. This securityfocus article shows only one thing the incompetence of the columnist and securityfocus itself. Probably

Re: Missing patch and security announce

2006-01-26 Thread Ted Unangst
On 1/26/06, Rob W [EMAIL PROTECTED] wrote: Maybe it is a minor issue but where is the limit for when a security announce and a patch is made available? do you know what the preconditions necessary for exploit are? do you know the consequences of the bug? quote I got a vendor confirmed alert

Re: Missing patch and security announce

2006-01-26 Thread Dries Schellekens
Rob W wrote: What about http://www.securityfocus.com/bid/16375 Fixed in -current, 3.8-stable and 3.7-stable See http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c Cheers, Dries

Missing patch and security announce

2006-01-25 Thread Rob W
See http://docs.freebsd.org/cgi/mid.cgi?200601251013.k0PAD9lO059018 Fixed in cvs, but NO patch for 3.8 or 3.7 and NO security announce. (http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_bridge.c.diff?r1=1.147r2=1.148) How does this match http://openbsd.org/security.html#disclosure ?

Re: Missing patch and security announce

2006-01-25 Thread eric
On Wed, 2006-01-25 at 16:06:55 +0100, Rob W proclaimed... See http://docs.freebsd.org/cgi/mid.cgi?200601251013.k0PAD9lO059018 Fixed in cvs, but NO patch for 3.8 or 3.7 and NO security announce. (http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_bridge.c.diff?r1=1.147r2=1.148) How does

Re: Missing patch and security announce

2006-01-25 Thread Ted Unangst
it's a minor issue. On 1/25/06, Rob W [EMAIL PROTECTED] wrote: See http://docs.freebsd.org/cgi/mid.cgi?200601251013.k0PAD9lO059018 Fixed in cvs, but NO patch for 3.8 or 3.7 and NO security announce. (http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_bridge.c.diff?r1=1.147r2=1.148) How

Re: Missing patch and security announce

2006-01-25 Thread Rob W
@openbsd.org Subject: Re: Missing patch and security announce Date: Wed, 25 Jan 2006 11:03:21 -0600 On Wed, 2006-01-25 at 16:06:55 +0100, Rob W proclaimed... See http://docs.freebsd.org/cgi/mid.cgi?200601251013.k0PAD9lO059018 Fixed in cvs, but NO patch for 3.8 or 3.7 and NO security announce. (http