On 2005.03.28 13:24:08 -0800, Will Yardley wrote: > On Mon, Mar 28, 2005 at 07:52:14PM +0000, FreeBSD Security Advisories wrote: > > [ Not sure else where to follow up to - I don't want to bug the security > team directly about this, so just writing the list for now ]
In general it's fine to bug the security team directly of stuff like this, but we also do read freebsd-security@ :-). > > b) Execute the following commands as root: > > > > # cd /usr/src > > # patch < /path/to/patch > > On my home machine (5.3-RELEASE) this failed - I had to go to > /usr/src/contrib/telnet/telnet for the patch to apply. Indeed, looks like the FreeBSD 5 patch is an "old" version since that should have been fixed. I just CC'ed nectar so this can be fixed ASAP. > > c) Rebuild the operating system as described in > > <URL:http://www.freebsd.org/doc/handbook/makeworld.html>. > > Just curious... why is it necessary to rebuild the whole operating > system? Normally, the security advisories just have you rebuild the > program in question - wouldn't that have sufficed here? Due to multiple telnet versions (especially in FreeBSD 4) it was judged that including more specific build instructions for all the possible combinations of telnet and build options gave to high a risk for errors possibly resulting in users not actually getting telnet rebuild correctly. -- Simon L. Nielsen
pgppAOstmtVL7.pgp
Description: PGP signature
