Re: [Re: FreeBSD 3.3's seyon vulnerability]

[btellier () USA NET (Brock Tellier)]

It would be nice if you:

(a) filed a pr using send-pr(1) or the web interface
or
(b) contacted security-officer () FreeBSD org
or
(c) sent mail to the maintainer of the port

I've sent mail to security-officer () freebsd org several times regarding the
"faxalter" exploit and "amanda" exploit and recieved no response. 
Interestingly, now that I have neglected to send mail to this address, I've
recieved a response from someone.  You can't expect people to keep sending
mail into the void until someone at FreeBSD decides that "this one is
important enough".  I gave the standard week or so to recieve email back for
the previous vulnerabilities I reported and will do so in the future.  If I
don't hear back, you can bet I'll still post.

Brock Tellier
UNIX Systems Administrator
Chicago, IL, USA

____________________________________________________________________
Get free email and a permanent address at http://www.netaddress.com/?N=1