Re: About the FreeBSD Security Advisories

2005-04-05 Thread Colin Percival
Jesper Wallin wrote: > I've noticed a delay between when the security advisories are sent and > when the cvsup servers, ftp mirrors and web mirrors are updated. Is this > delay on purpose to give the users some time to update/patch their > system(s) before it hit pages like bugtraq, etc.. or is it

Re: About the FreeBSD Security Advisories

2005-04-05 Thread Kris Kennaway
On Wed, Apr 06, 2005 at 03:34:09AM +0200, Jesper Wallin wrote: > Hello.. > > I've noticed a delay between when the security advisories are sent and > when the cvsup servers, ftp mirrors and web mirrors are updated. Is this > delay on purpose to give the users some time to update/patch their > syst

About the FreeBSD Security Advisories

2005-04-05 Thread Jesper Wallin
Hello.. I've noticed a delay between when the security advisories are sent and when the cvsup servers, ftp mirrors and web mirrors are updated. Is this delay on purpose to give the users some time to update/patch their system(s) before it hit pages like bugtraq, etc.. or is it just a caused by the

FreeBSD Security Advisory FreeBSD-SA-05:03.amd64

2005-04-05 Thread FreeBSD Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = FreeBSD-SA-05:03.amd64 Security Advisory The FreeBSD Project Topic: u

Re: Secunia / Firefox Javascript "Arbitrary Memory Exposure" test

2005-04-05 Thread Christopher Nehren
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2005-04-05, Ian G scribbled these curious markings: > I just confirmed the following bug on my firefox. > > http://secunia.com/advisories/14820/ I also see it in Seamonkey, Epiphany, and Galeon. Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8b) G

Secunia / Firefox Javascript "Arbitrary Memory Exposure" test

2005-04-05 Thread Ian G
I just confirmed the following bug on my firefox. http://secunia.com/advisories/14820/ Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20050219 Firefox/1.0 (I think my firefox is a month or two behind, from ports, but the advisary indicates both 1.0.1 and 1.0.2 are effected.) FreeBSD loca

Re: FreeBSD Security Advisory FreeBSD-SA-05:02.sendfile

2005-04-05 Thread Colin Percival
Uwe Doering wrote: > + vnode_pager_setsize(vp, 0); > > I wonder, isn't the variable 'vp' actually supposed to be 'ovp' in the > added line? Technically they are identical. 'ovp' is assigned from > 'vp' once in the variable definition section at the start of the function. >

Re: FreeBSD Security Advisory FreeBSD-SA-05:02.sendfile

2005-04-05 Thread Uwe Doering
FreeBSD Security Advisories wrote: [...] a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 4.x] # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:02/sendfile_4.patch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CE