On Sat, Jan 24, 2004 at 01:08:46AM -0600, Mark Johnston wrote:
> Last week's thread about status reports spurred me to come up with this
> in a few idle hours. I've gone through the cvs-src mail from last week
> and summarized what looked like the most important commits, along with
> some of the longer threads that cropped up. I'm hoping for some comments
> on this from some people who contributed to the thread; I'm also CCing
> Jonathan Sage, who has rigged up an automated status update (and beaten me
> to the punch by a damn sight), in hopes that we can work together on this
> project.

Excellent summaries.

> First DragonflyBSD merge
> ------------------------
> Jeffrey Hsu (hsu) merged some TCP code from DragonflyBSD_. Alexey
> Dokuchaev suspects that this is the first merge from Dragonfly that
> FreeBSD has seen.
>
> .. _DragonflyBSD: http://www.dragonflybsd.org/

Actually, the first merge was probably back in August. See
FreeBSD-SA-03:10.ibcs2. David Rhodus discovered the issue in
DragonFlyBSD and then Matt Dillon brought it to the attention of
<security-officer_at_freebsd.org>.

> =============
> Major changes
> =============
> cvs security update
> -------------------
> Jacques Vidrine (nectar) added two security patches to CVS. The first
> stops CVS's native server mode, pserver, from being configured to run as
> root. The second patch catches malicious requests that would cause the
> CVS server to attempt to create directories in the root of the
> filesystem holding the CVS repository.

These were not really `Major changes', IMHO. Neither of these issues
presented any risk on their own. Really poor configuration choices
also would have to have been made. (Thus no advisory nor merging to
the security branches.)

In general, it is probably hard to decide what is `Major' or
`Less-Major' or `Minor' :-)

I hope you keep this up, I enjoyed reading it.

Cheers,
-- 
Jacques Vidrine  NTT/Verio SME  FreeBSD UNIX  Heimdal
nectar_at_celabo.org  jvidrine_at_verio.net  nectar_at_freebsd.org  nectar_at_kth.se

Received on Sat Jan 24 2004 - 06:30:34 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:39 UTC