Re: Did anyone else get a glut of old security/errata notices today??
- In reply to: Paul Mather : "Did anyone else get a glut of old security/errata notices today??"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 08 Nov 2022 17:06:33 UTC
Yup I received a bunch of them today. My server is on 13.1-RELEASE-p3, and laptop on latest stable/13, so it should have all of them already. Jonathan Vasquez PGP: 34DA 858C 1447 509E C77A D49F FB85 90B7 C4CA 5279 Sent with ProtonMail Secure Email ------- Original Message ------- On Tuesday, November 8th, 2022 at 11:50, Paul Mather <paul@gromit.dlib.vt.edu> wrote: > Today I received a glut of ten or so security/errata notices, some of which date back as far as 9th August: > > > On Aug 9, 2022, at 6:19 PM, FreeBSD Errata Notices errata-notices@freebsd.org wrote: > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA512 > > > > ============================================================================= > > FreeBSD-EN-22:19.pam_exec Errata Notice > > The FreeBSD Project > > > > Topic: NULL pointer dereference in pam_exec(8) > > > > Category: core > > Module: pam > > Announced: 2022-08-09 > > Affects: FreeBSD 13.0 and later > > Corrected: 2022-06-24 09:09:59 UTC (stable/13, 13.1-STABLE) > > 2022-08-09 20:01:22 UTC (releng/13.1, 13.1-RELEASE-p1) > > 2022-08-09 20:00:25 UTC (releng/13.0, 13.0-RELEASE-p12) > > > > For general information regarding FreeBSD Errata Notices and Security > > Advisories, including descriptions of the fields above, security > > branches, and the following sections, please visit > > URL:https://security.FreeBSD.org/. > > > > I. Background > > > > pam_exec(8) is a pam(3) module for delegating PAM service functions to an > > external program. When used for authentication, it can pass the user's > > authentication token to the external program. > > [[ etc. ]] > > > Looking at the headers, the common point of delay is the mail hop from mlmmj.nyi.freebsd.org -> mx1.freebsd.org. The in the case of the above Errata Notice the mail languished on mlmmj.nyi.freebsd.org from 9th August 2022 until 8th November 2022: > > > ===== > [[...]] > Received: from mlmmj.nyi.freebsd.org (mlmmj.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:24]) by mx1.freebsd.org (Postfix) with ESMTP id 4N62bh2W3xz4cyt for paul@gromit.dlib.vt.edu; Tue, 8 Nov 2022 09:19:12 +0000 (UTC) (envelope-from freebsd-security-notifications+bounces-11-paul=gromit.dlib.vt.edu@FreeBSD.org) > > Received: from mlmmj.nyi.freebsd.org (mlmmj.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:24]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4M2SZg0vyKz4YRd6; Tue, 9 Aug 2022 22:35:39 +0000 (UTC) (envelope-from freebsd-security-notifications+bounces-11@FreeBSD.org) > Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4M2SZb4c04z4YRnN for freebsd-security-notifications@mlmmj.nyi.freebsd.org; Tue, 9 Aug 2022 22:35:35 +0000 (UTC) (envelope-from security-advisories@freebsd.org) > > Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4M2SZb3rv6z3MvX; Tue, 9 Aug 2022 22:35:35 +0000 (UTC) (envelope-from security-advisories@freebsd.org) > Received: by freefall.freebsd.org (Postfix, from userid 945) id 5E29F172BB; Tue, 9 Aug 2022 22:35:35 +0000 (UTC) > ===== > > It goes some way to explaining why I saw a reply to the FreeBSD-EN-22:25.tcp e-mail on freebsd-stable on 3rd November without having seen the original Errata Notice. :-) > > I'm just wondering: did this happen to anyone else, or was I the only lucky Mail Delivery Powerball winner here? :-) > > Cheers, > > Paul.