Re: cvs commit: src/contrib/tar/src misc.c src/sys/dev/random yarrow.c
On 2007.11.29 18:00:38 +0000, Alexey Dokuchaev wrote:
> On Thu, Nov 29, 2007 at 04:08:54PM +0000, Simon L. Nielsen wrote:
> > simon 2007-11-29 16:08:54 UTC
> > FreeBSD src repository
> > Modified files: (Branch: RELENG_5)
> > contrib/tar/src misc.c
> > sys/dev/random yarrow.c
> > Log:
> > Correct a random value disclosure in random(4). [07:09]
> > Correct a gtar directory traversal vulnerability. [07:10]
> > Security: FreeBSD-SA-07:09.random
> > Security: FreeBSD-SA-07:10.gtar
> Is 4.x vulnerable?
For gtar, very likely. For random(4) I don't know - it's likely it
has older random code which isn't affected (at least I seem to recall
it was different)..
> Is it going to be fixed? I can test patches. :-)
I and secteam have no plans to fix it, but if someone wants to fix it
in RELENG_4 we don't have any problems with that.
Simon L. Nielsen
Received on Thu Nov 29 2007 - 20:23:37 UTC