Backdoor in xz 5.6.0

2024-03-29 Thread Alan Somers
A malicious developer added a backdoor to xz 5.6.0 and 5.6.1, and snuck it into Fedora builds. That's the same version that FreeBSD CURRENT uses. For multiple reasons we aren't vulnerable (the malicious code isn't included in xz's git repo, only its dist tarballs, the malicious code is only trigg

Re: Wrong patch link in FreeBSD-EN-21:24.libcrypto

2021-08-24 Thread Alan Somers
Sounds good. On Tue, Aug 24, 2021 at 4:51 PM Gordon Tetlow wrote: > There's always one. Thanks for the check. I've just pushed this to the > website with the corrected link. It should be corrected in the next 5-10 > minutes online. > > Regards, > Gordon > > On

Wrong patch link in FreeBSD-EN-21:24.libcrypto

2021-08-24 Thread Alan Somers
The just published errata notice contains a bad url. is: fetch https://security.FreeBSD.org/patches/EN-21:17/libcrypto.patch should be: https://security.FreeBSD.org/patches/EN-21:24/libcrypto.patch -Alan

Re: Periodic jobs lockf timeout

2017-10-24 Thread Alan Somers
On Tue, Oct 24, 2017 at 3:07 AM, Borja Marcos wrote: > > Hi, > > I’ve come across a problem with the “daily” security job. On an overloaded > system with lots of ZFS datasets, > lots of files, heavy system load and, to add insult to injury, a ZFS scrub > going on the find’s issued by the > period

Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-16:19.sendmsg

2016-05-17 Thread Alan Somers
I think you put the wrong revision numbers in here. Revision 300093 is the kbd fix for stable/9. 300092 is the right revision for the sendmsg fix in stable/10. On Tue, May 17, 2016 at 4:40 PM, FreeBSD Security Advisories < security-advisor...@freebsd.org> wrote: > -BEGIN PGP SIGNED MESSAGE-