Re: Fw: FreeBSD Security Advisory FreeBSD-SA-07:07.bind

On 2007.08.05 07:41:44 -0500, Josh Paetzel wrote:
> Simon L. Nielsen wrote:
>
> > RELENG_6 was already fixed 2007-07-25 08:23:08 UTC by dougb, so the
> > patch wasn't tested against RELENG_6 at all but only against the
> > release / security branches.  Most of the time the released patches
> > will work against the stable branches, but not always.
> 
> This is sort of an unusual situation isn't it, where RELENG_6 is fixed
> prior to the SA being released?

Not really unusual although many advisories have all branches fixed at
the same time.  The same happened for FreeBSD-SA-07:02.bind and
FreeBSD-SA-07:03.ipv6, though it was only two days between RELENG_X
and advisory in those cases.

In this case the time between RELENG_X fix and advisory was a bit
longer since dougb was very fast in getting HEAD/RELENG_[56] fixed and
we couldn't get it all ready the week the BIND vulnerability was
announced.

> If so it might have been useful for
> the SA to say something about affecting STABLE before xxxx-xx-xx where
> xxxx-xx-xx is the date that the fix was committed.

It actually already does since it's part of the normal advisory header
information:

[Quoting FreeBSD-SA-07:07.bind]
Corrected:      2007-07-25 08:23:08 UTC (RELENG_6, 6.2-STABLE)
                2007-08-01 20:44:58 UTC (RELENG_6_2, 6.2-RELEASE-p7)
                2007-08-01 20:45:49 UTC (RELENG_6_1, 6.1-RELEASE-p19)
                2007-07-25 08:24:40 UTC (RELENG_5, 5.5-STABLE)
                2007-08-01 20:48:19 UTC (RELENG_5_5, 5.5-RELEASE-p15)

-- 
Simon L. Nielsen
FreeBSD Security Team
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"