On Thu, Mar 05, 2026 at 05:49:51PM +0000, Shawn Webb wrote: > On Thu, Mar 05, 2026 at 04:13:25PM +0000, Baptiste Daroussin wrote: > > The branch main has been updated by bapt: > > > > URL: > > https://cgit.FreeBSD.org/src/commit/?id=6d2a147ae558ef423e3df451a9049200b291a8d0 > > > > commit 6d2a147ae558ef423e3df451a9049200b291a8d0 > > Author: Baptiste Daroussin <[email protected]> > > AuthorDate: 2026-03-05 16:12:51 +0000 > > Commit: Baptiste Daroussin <[email protected]> > > CommitDate: 2026-03-05 16:13:08 +0000 > > > > libedit: fix use after free > > --- > > contrib/libedit/map.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > Hey Baptiste, > > UAF bugs are typically thought to be security issues. Does this > particular fix warrant a security advisory? The log is unfortunately > lacking much useful metadata usually included in these kinds of > commits.
Chatted out-of-band with another FreeBSD developer. Turns out this UAF only existed in main for nine hours. Didn't make it to a stable or releng branch. A Fixes: tag probably could've helped address the confusion. Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD Signal Username: shawn_webb.74 Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50 https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
