jdolecek@NetBSD.org (Jaromir Dolecek) wrote:
> Stricly speaking, systrace was not part of any official release
> yet. AFAIK we don't normally do S-As for problems in -current. 
> The fix is pulled up to 2.0 branch already.
 
Thor Lancelot Simon <tls@rek.tjls.com> wrote:
> We may have offered to do a special security advisory for this issue at
> the request of the person who brought it to our attention;
> security-officer would have to comment on that.

We are happy that Stefan Esser notified Security-Officer directly on
this issue. We did promise to publish an SA for it. The process did get
interrupted by the furor over the recent TCP Advisory.

The systrace SA is now available:

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-007.txt.asc

Web page updates will occur within the next hour (it's a cron job that I
don't have access to accelerate).

Emails to the usual mailing lists will be sent once the web page
displays the news item.

The lack of timeliness of the SA is primarily due to Security Officer
resource issues.

-- 
David Maxwell, david@vex.net|david@maxwell.net -->
Any sufficiently advanced Common Sense will seem like magic... 
					      - me