Re: Any status on timestamp vulnerability fix for 4.X?
Richard Coleman wrote:
> Any information on when (or if) the following timestamp vulnerability
> will be fixed for 4.X? Any information would be appreciated.
>
> http://www.kb.cert.org/vuls/id/637934
FYI, the fix for RELENG_5 applies to RELENG_4 as is (apart from the CVS
version header, of course):
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c.diff?r1=1.252.2.15&r2=1.252.2.16&f=u
After verifying its semantic correctness for RELENG_4 we've been running
the patch for a couple of weeks now with no ill effects.
I'm posting this also as an encouragement for committers to go ahead and
do the MFC. It's low hanging fruit.
Uwe
--
Uwe Doering | EscapeBox - Managed On-Demand UNIX Servers
gemini@geminix.org | http://www.escapebox.net
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 1 之 4 篇):