cvs commit: src/contrib/tar/src misc.c src/sys/dev/random
yarrow.c
Alexey Dokuchaev
danfe at FreeBSD.org
Thu Nov 29 13:12:12 PST 2007
On Thu, Nov 29, 2007 at 09:23:35PM +0100, Simon L. Nielsen wrote:
> On 2007.11.29 18:00:38 +0000, Alexey Dokuchaev wrote:
> > On Thu, Nov 29, 2007 at 04:08:54PM +0000, Simon L. Nielsen wrote:
> > > simon 2007-11-29 16:08:54 UTC
> > >
> > > FreeBSD src repository
> > >
> > > Modified files: (Branch: RELENG_5)
> > > contrib/tar/src misc.c
> > > sys/dev/random yarrow.c
> > > Log:
> > > Correct a random value disclosure in random(4). [07:09]
> > >
> > > Correct a gtar directory traversal vulnerability. [07:10]
> > >
> > > Security: FreeBSD-SA-07:09.random
> > > Security: FreeBSD-SA-07:10.gtar
> >
> > Is 4.x vulnerable?
>
> For gtar, very likely.
Yeah, I've seen jhb@ had fixed it in RELENG_4.
> has older random code which isn't affected (at least I seem to recall
> it was different)..
OK.
./danfe
More information about the cvs-src
mailing list