tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: about the NetBSD-SA2008-003

史斌 wrote:
As the announcement on and

1. This security problem affected NetBSD-3.1 release and did not affect
   NetBSD-3.1.1 release.

2. NetBSD-3.1.2 which will be released in the future contains
   the fixed.

3. It can be fixed by fixing sys/netinet6/ipcomp_input.c

   However, I found the source file sys/netinet6/ipcomp_input.c in
NetBSD-3.1.1 release is same to the file in the NetBSD-3.1 release, and is different from the file in the source tree of NetBSD-3-1 branch.

Does it mean that the file in NetBSD-3.1 is not fixed and the file in the source tree of NetBSD-3-1 branch is fixed?

   If it is true, why NetBSD-3.1 release is affected but NetBSD-3.1.1
release is not?

   Thank you.


This is a problem with the advisory. In the 'Version' section it should also state that the NetBSD 3.1.* releases are affected. I'll update this later today and re-issue the advisory.



Home | Main Index | Thread Index | Old Index