On June 19, 2019 8:23:59 AM GMT+03:00, Theo de Raadt <dera...@openbsd.org> 
wrote:
>Strahil Nikolov <hunter86...@yahoo.com> wrote:
>
>> I was wondering if CVE-2019-5598 is actually affecting OpenBSD.  I'm
>> asking as FreeBSD is usually several versions behind and this one
>> might not affect PF in recent OpenBSD versions.
>
>https://www.openbsd.org/errata63.html#p031_pficmp
>
>    031: SECURITY FIX: March 22, 2019   All architectures 
>    A state in pf could pass ICMP packets to a destination IP address
>    that did not match the state. 
>
>https://www.openbsd.org/errata64.html#p015_pficmp
>
>    015: SECURITY FIX: March 22, 2019   All architectures 
>    A state in pf could pass ICMP packets to a destination IP address
>    that did not match the state. 
>
>You probably had trouble connecting the dots because the original
>report was March 19, fixed on March 20, released as errata + syspatch
>on March 22.  Then we shipped the 6.5 release on May 1.
>
>So that means 6.5 shipped without the problem.
>
>FreeBSD finally released something on May 14.
>
>https://ftp.openbsd.org/pub/OpenBSD/patches/6.3/common/031_pficmp.patch.sig
>
>You may also find it hard to believe it took nearly two months for them
>to merge a fix from OpenBSD which applied with minimum fuzz, validate
>it, and then ship it to users.  Also, that was done without mentioning
>that the fix was taken from an OpenBSD repair job which got done within
>24 hours of the initial report.  Rah rah for themselves, I suppose.

Hi Theo,
Thanks for the reply.

Yes, I really missed that. I'm on 6.5, so I'm good.
Good job to all developers! This speed is really impressive.

Best Regards,
Strahil Nikolov
