Re: Fw: FreeBSD Security Advisory FreeBSD-SA-07:07.bind

On 2007.08.05 07:41:44 -0500, Josh Paetzel wrote:
Simon L. Nielsen wrote:

RELENG_6 was already fixed 2007-07-25 08:23:08 UTC by dougb, so the
patch wasn't tested against RELENG_6 at all but only against the
release / security branches. Most of the time the released patches
will work against the stable branches, but not always.

This is sort of an unusual situation isn't it, where RELENG_6 is fixed
prior to the SA being released?

Not really unusual although many advisories have all branches fixed at
the same time. The same happened for FreeBSD-SA-07:02.bind and
FreeBSD-SA-07:03.ipv6, though it was only two days between RELENG_X
and advisory in those cases.

In this case the time between RELENG_X fix and advisory was a bit
longer since dougb was very fast in getting HEAD/RELENG_[56] fixed and
we couldn't get it all ready the week the BIND vulnerability was

If so it might have been useful for
the SA to say something about affecting STABLE before xxxx-xx-xx where
xxxx-xx-xx is the date that the fix was committed.

It actually already does since it's part of the normal advisory header

[Quoting FreeBSD-SA-07:07.bind]
Corrected:      2007-07-25 08:23:08 UTC (RELENG_6, 6.2-STABLE)
                2007-08-01 20:44:58 UTC (RELENG_6_2, 6.2-RELEASE-p7)
                2007-08-01 20:45:49 UTC (RELENG_6_1, 6.1-RELEASE-p19)
                2007-07-25 08:24:40 UTC (RELENG_5, 5.5-STABLE)
                2007-08-01 20:48:19 UTC (RELENG_5_5, 5.5-RELEASE-p15)

Simon L. Nielsen
FreeBSD Security Team
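
Added example, not part of the original message or of any FreeBSD tooling: a small Python parser for the "Corrected:" header quoted above, showing how a tree's branch tag and source date map to "affected" or "corrected". The function names and the sample trees are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# "Corrected:" block as quoted from FreeBSD-SA-07:07.bind in this message.
ADVISORY_HEADER = """\
Corrected:      2007-07-25 08:23:08 UTC (RELENG_6, 6.2-STABLE)
                2007-08-01 20:44:58 UTC (RELENG_6_2, 6.2-RELEASE-p7)
                2007-08-01 20:45:49 UTC (RELENG_6_1, 6.1-RELEASE-p19)
                2007-07-25 08:24:40 UTC (RELENG_5, 5.5-STABLE)
                2007-08-01 20:48:19 UTC (RELENG_5_5, 5.5-RELEASE-p15)
"""

LINE_RE = re.compile(
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) UTC \((RELENG_\w+), ([^)]+)\)")


def parse_corrected(header):
    """Return {branch_tag: (fix_time_utc, version_label)} from the header."""
    fixes = {}
    for stamp, tag, label in LINE_RE.findall(header):
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        fixes[tag] = (when.replace(tzinfo=timezone.utc), label)
    return fixes


def status(fixes, branch_tag, source_time):
    """Classify a tree by its branch tag and the UTC time of its sources."""
    if branch_tag not in fixes:
        return "unknown"  # branch not listed, the header says nothing about it
    fix_time, _label = fixes[branch_tag]
    return "corrected" if source_time >= fix_time else "affected"


# Constructed sample trees: (branch tag, UTC time the sources were updated).
SAMPLE_TREES = [
    ("RELENG_6", datetime(2007, 7, 24, tzinfo=timezone.utc)),
    ("RELENG_6", datetime(2007, 7, 26, tzinfo=timezone.utc)),
    ("RELENG_6_2", datetime(2007, 7, 26, tzinfo=timezone.utc)),
]


def report():
    fixes = parse_corrected(ADVISORY_HEADER)
    return [(tag, when.date().isoformat(), status(fixes, tag, when))
            for tag, when in SAMPLE_TREES]


if __name__ == "__main__":
    for row in report():
        print(*row)
```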
