reporter on deadline seeks comment about reported security bug in FreeBSD

Hello, Dan Goodin, a reporter at technology news website The Register. Security researcher Przemyslaw Frasunek says versions 6.x through 6.4 of FreeBSD has a security bug. He says he notified the FreeBSD Foundation on August 29 and never got a response. We'll be writing a brief article about this.

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

Am 2009/9/14 Dan Goodin writhed: > Hello, > > Dan Goodin, a reporter at technology news website The Register. Security > researcher Przemyslaw Frasunek says versions 6.x through 6.4 of FreeBSD > has a security bug. He says he notified the FreeBSD Foundation on August > 29 and never got a response.

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

On Sep 14, 2009, at 3:12 PM, Dan Goodin wrote: Hello, Dan Goodin, a reporter at technology news website The Register. Security researcher Przemyslaw Frasunek says versions 6.x through 6.4 of FreeBSD has a security bug. He says he notified the FreeBSD Foundation on August 29 and never go

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

Dan Goodin wrote: Hello, Dan Goodin, a reporter at technology news website The Register. Security researcher Przemyslaw Frasunek says versions 6.x through 6.4 of FreeBSD has a security bug. He says he notified the FreeBSD Foundation on August 29 and never got a response. We'll be writing a brief

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

On Mon, Sep 14, 2009 at 05:21:48PM -0400, Mikel King thus spake: On Sep 14, 2009, at 3:12 PM, Dan Goodin wrote: Hello, Dan Goodin, a reporter at technology news website The Register. Security researcher Przemyslaw Frasunek says versions 6.x through 6.4 of FreeBSD has a security bug. He says h

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

Mikel King wrote: Hasn't 6.x been End Of Lifed? I mean considering that 8.0 is expected to be released either later this month or early next, and 6.x will be officially retired at that time, is it possible that this was overlooked? Personally I don't think it's ever good to overlook security,

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

On Mon, Sep 14, 2009 at 05:21:48PM -0400, Mikel King wrote: > > On Sep 14, 2009, at 3:12 PM, Dan Goodin wrote: > > > Hello, > > > > Dan Goodin, a reporter at technology news website The Register. > > Security > > researcher Przemyslaw Frasunek says versions 6.x through 6.4 of > > FreeBSD > >

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

On Mon, Sep 14, 2009 at 05:13:54PM -0400, ill...@gmail.com wrote: > Am 2009/9/14 Dan Goodin writhed: > > Hello, > > > > Dan Goodin, a reporter at technology news website The Register. Security > > researcher Przemyslaw Frasunek says versions 6.x through 6.4 of FreeBSD > > has a security bug. He sa

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

On Monday 14 September 2009 23:46:42 David Kelly wrote: > On Mon, Sep 14, 2009 at 05:13:54PM -0400, ill...@gmail.com wrote: > > Am 2009/9/14 Dan Goodin writhed: > > > Hello, > > > > > > Dan Goodin, a reporter at technology news website The Register. > > > Security researcher Przemyslaw Frasunek sa

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

Matthew Seaman wrote: > Mikel King wrote: > >> Hasn't 6.x been End Of Lifed? I mean considering that 8.0 is expected to >> be released either later this month or early next, and 6.x will be >> officially retired at that time, is it possible that this was >> overlooked? Personally I don't think it

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

On 2009-09-14 12:12, Dan Goodin wrote: > We'll be writing a brief article about this. I didn't notice anyone link the finished article yet, so here it is: http://www.theregister.co.uk/2009/09/14/freebsd_security_bug/ -- Matthew Anthony Kolybabi (Mak) () ASCII Ribbon Campaign | Against HTML e-ma

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

Hi Dan, The right place to report security problems with FreeBSD is to the Security Officer team. A PGP signed email to the email address of the security team at is enough to get the attention of the FreeBSD Project. Przemyslaw should email security-officer with any details he thinks are releva

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

Giorgos Keramidas wrote: > Przemyslaw should email security-officer with any details he thinks are > relevant. Then the security team will make sure to fix the bug for all > affected releases of FreeBSD, release a patch with the fix, issue an > advisory through the usual channels, and post the det

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

Mel Flynn wrote: > > On Monday 14 September 2009 23:46:42 David Kelly wrote: > > On Mon, Sep 14, 2009 at 05:13:54PM -0400, ill...@gmail.com wrote: > > > Am 2009/9/14 Dan Goodin writhed: > > > > Hello, > > > > > > > > Dan Goodin, a reporter at technology news website The Register. > > > > Security

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

On Tuesday 15 September 2009 09:58:31 Przemyslaw Frasunek wrote: > Giorgos Keramidas wrote: > > Przemyslaw should email security-officer with any details he thinks are > > relevant. Then the security team will make sure to fix the bug for all > > affected releases of FreeBSD, release a patch with

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

On Tue, 15 Sep 2009 09:58:31 +0200, Przemyslaw Frasunek wrote: > Giorgos Keramidas wrote: >> Przemyslaw should email security-officer with any details he thinks are >> relevant. Then the security team will make sure to fix the bug for all >> affected releases of FreeBSD, release a patch with the

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

On Tue, 15 Sep 2009 07:18:26 -0400 Bill Moran wrote: > Mel Flynn wrote: > > > > On Monday 14 September 2009 23:46:42 David Kelly wrote: > > > On Mon, Sep 14, 2009 at 05:13:54PM -0400, ill...@gmail.com wrote: > > > > Am 2009/9/14 Dan Goodin writhed: > > > > > Hello, > > > > > > > > > > Dan Goodi

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

On Tue, 2009-09-15 at 10:49 -0400, Jerry wrote: > On Tue, 15 Sep 2009 07:18:26 -0400 > Bill Moran wrote: > > > Mel Flynn wrote: > > > > > > On Monday 14 September 2009 23:46:42 David Kelly wrote: > > > > On Mon, Sep 14, 2009 at 05:13:54PM -0400, ill...@gmail.com wrote: > snip > I usually disco

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

In response to Jerry : > On Tue, 15 Sep 2009 07:18:26 -0400 > Bill Moran wrote: > > > Mel Flynn wrote: > > > > > > On Monday 14 September 2009 23:46:42 David Kelly wrote: > > > > On Mon, Sep 14, 2009 at 05:13:54PM -0400, ill...@gmail.com wrote: > > > > > Am 2009/9/14 Dan Goodin writhed: > > >

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

On Tue, 15 Sep 2009 11:13:31 -0400 Bill Moran wrote: > In response to Jerry : > > > On Tue, 15 Sep 2009 07:18:26 -0400 > > Bill Moran wrote: > > > > > Mel Flynn wrote: > > > > > > > > On Monday 14 September 2009 23:46:42 David Kelly wrote: > > > > > On Mon, Sep 14, 2009 at 05:13:54PM -0400, i

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

On Tue, 15 Sep 2009 13:03:50 -0400 Jerry wrote: > On Tue, 15 Sep 2009 11:13:31 -0400 > Bill Moran wrote: > > > In response to Jerry : > > > > > > > > I usually discover security problems with updates I receive from > > > . Aren't FreeBSD security problems > > > report

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

On Tue, 15 Sep 2009 13:18:29 -0400 Bill Moran wrote: > On Tue, 15 Sep 2009 13:03:50 -0400 > Jerry wrote: > > > On Tue, 15 Sep 2009 11:13:31 -0400 > > Bill Moran wrote: > > > > > In response to Jerry : > > > > > > > > > > > I usually discover security problems with updates I receive from > >

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

On Tuesday 15 September 2009 20:13:17 Jerry wrote: > On Tue, 15 Sep 2009 13:18:29 -0400 > > Bill Moran wrote: > > On Tue, 15 Sep 2009 13:03:50 -0400 > > > > Jerry wrote: > > > On Tue, 15 Sep 2009 11:13:31 -0400 > > > > > > Bill Moran wrote: > > > > In response to Jerry : > > > > > I usually dis

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

Jerry wrote: Now, if you don't like that, "KISS MY ASS". I love IT mail lists! So classy. DAve -- "Posterity, you will know how much it cost the present generation to preserve your freedom. I hope you will make good use of it. If you do not, I shall repent in heaven that ever I too

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

On Tue, 15 Sep 2009 20:51:40 +0200 Mel Flynn wrote: > Please inform yourself properly before assuming you're right. Mozilla > does not by default publish vulnerabilities before a fix is known. In > some cases publishing has been delayed by months. The exception is > when exploits are already in t

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

Jerry wrote: On Tue, 15 Sep 2009 20:51:40 +0200 Mel Flynn wrote: Please inform yourself properly before assuming you're right. Mozilla does not by default publish vulnerabilities before a fix is known. In some cases publishing has been delayed by months. The exception is when exploits are alre

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

On Tuesday 15 September 2009 21:14:25 Jerry wrote: > On Tue, 15 Sep 2009 20:51:40 +0200 > > Mel Flynn wrote: > > The exception is > > when exploits are already in the wild and a work around is available, > > while a real fix will take more work. > Assume that I have discovered a vulnerability i

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

On Tue, 15 Sep 2009 15:28:59 -0400 DAve wrote: > Jerry wrote: > > On Tue, 15 Sep 2009 20:51:40 +0200 > > Mel Flynn wrote: > > > >> Please inform yourself properly before assuming you're right. > >> Mozilla does not by default publish vulnerabilities before a fix > >> is known. In some cases pub

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

Jerry wrote: > Waiting until someone is harmed is tantamount to being an > accomplice to the act. And providing details of a currently-undefendable vulnerability to a black hat who did not previously know about it, thereby enabling the black hat to perpetrate harm that would otherwise not have oc

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

On Tue, 15 Sep 2009 23:47:10 -0700 per...@pluto.rain.com wrote: > Jerry wrote: > > Waiting until someone is harmed is tantamount to being an > > accomplice to the act. > > And providing details of a currently-undefendable vulnerability > to a black hat who did not previously know about it, there

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

--On Wednesday, September 16, 2009 06:08:50 -0500 Jerry wrote: On Tue, 15 Sep 2009 23:47:10 -0700 per...@pluto.rain.com wrote: Jerry wrote: > Waiting until someone is harmed is tantamount to being an > accomplice to the act. And providing details of a currently-undefendable vulnerability

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

Mak Kolybabi wrote: On 2009-09-14 12:12, Dan Goodin wrote: We'll be writing a brief article about this. I didn't notice anyone link the finished article yet, so here it is: http://www.theregister.co.uk/2009/09/14/freebsd_security_bug/ -- Matthew Anthony Kolybabi (Mak) () ASCII Ribbo

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

http://www.vimeo.com/6580991 The article says that "Versions 7.1 and and beyond are not vulnerable." That video contradicts that. As someone who has manipulated moving picture for fun and profit, having a video of something is a proof of nothing. For all what it's worth the OS in video might

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

Reko Turja pisze: > As someone who has manipulated moving picture for fun and profit, having > a video of something is a proof of nothing. For all what it's worth the > OS in video might be FreeBSD - or even loonix made to look like FreeBSD, > made vulnerable on purpose of tarring the project. > >

Re: reporter on deadline seeks comment about reported security bug in FreeBSD

Przemyslaw Frasunek wrote: > Giorgos Keramidas wrote: >> Przemyslaw should email security-officer with any details he thinks are >> relevant. Then the security team will make sure to fix the bug for all >> affected releases of FreeBSD, release a patch with the fix, issue an >> advisory through th