SA-14:24 - sshd. probably not. I don't think we link against kerberos. SA-14:25 - setlogin - no, we are not affected. Our kernel zero's the buffer.
SA-14:26 - The ftp issue was fixed at the same time FreeBSD fixed it. Note that even with a vulnerable program, the issue is not likely to get hit by normal users because our 'fetch' program is different and most use cases via 'ftp' will use -o. -Matt On Tue, Nov 4, 2014 at 5:18 PM, lhmwzy <[email protected]> wrote: > https://www.freebsd.org/security/advisories/FreeBSD-SA-14:24.sshd.asc > https://www.freebsd.org/security/advisories/FreeBSD-SA-14:25.setlogin.asc > https://www.freebsd.org/security/advisories/FreeBSD-SA-14:26.ftp.asc > > >
