On Fri, 29 Jul 2016 03:49:39 +0000 Martin Schroeder wrote:
> I've been analyzing the document extensively since then. The targets > are as follows: > > [1] portsnap via portsnap vulnerabilities > [2] portsnap via libarchive & tar anti-sandboxing vulnerabilities > [3] portsnap via bspatch vulnerabilities I only had a quick look so I might have missed something - am I right in thinking that all the portsnap attacks rely on an attacker substituting the initial tarball? If so then then fixing this doesn't really effect existing users in the short term. Either you're already compromised, or your snapshot will remain secure until you manually delete it. _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"