Re: about the NetBSD-SA2008-003

To: 史斌 <shibin%proba.com.cn@localhost>
Subject: Re: about the NetBSD-SA2008-003
From: Adrian Portelli <adrianp%NetBSD.org@localhost>
Date: Mon, 28 Apr 2008 12:46:15 +0100

史斌 wrote:

As the announcement onftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-003.txt.asc and
http://www.netbsd.org/support/security/patches-3.1.1.html

1. This security problem affected NetBSD-3.1 release and did not affect
   NetBSD-3.1.1 release.

2. NetBSD-3.1.2 which will be released in the future contains
   the fixed.

3. It can be fixed by fixing sys/netinet6/ipcomp_input.c

   However, I found the source file sys/netinet6/ipcomp_input.c in
NetBSD-3.1.1 release is same to the file in the NetBSD-3.1 release,and is different from the file in the source tree of NetBSD-3-1 branch.
Does it mean that the file in NetBSD-3.1 is not fixed and thefile in the source tree of NetBSD-3-1 branch is fixed?
   If it is true, why NetBSD-3.1 release is affected but NetBSD-3.1.1
release is not?

   Thank you.

Hi,

This is a problem with the advisory. In the 'Version' section it shouldalso state that the NetBSD 3.1.* releases are affected. I'll updatethis later today and re-issue the advisory.


thanks,

adrian.

References:
- about the NetBSD-SA2008-003
  - From: 史斌

Prev by Date: about the NetBSD-SA2008-003
Next by Date: NetBSD Security Advisory 2008-007: OpenSSL Multiple issues
Previous by Thread: about the NetBSD-SA2008-003
Next by Thread: NetBSD Security Advisory 2008-007: OpenSSL Multiple issues
Indexes:

Home | Main Index | Thread Index | Old Index