- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
Jul 3 2019
Jul 3 2019
Add EN-19:12 and SA-19:09 to SA-19:11
Update UPDATING and bump newvers.sh
Fix privilege escalation in cd(4) driver.
Fix kernel stack disclosure in UFS/FFS.
Fix iconv buffer overflow.
Jul 2 2019
Jul 2 2019
Jun 29 2019
Jun 29 2019
Restart local_unbound service after the future build, if it is running.
Jun 21 2019
Jun 21 2019
Add 11.3-RC2 configuration.
Jun 19 2019
Jun 19 2019
Add UPDATING entries for today's release. Bump patch version.
Add ability to limit split map entries to prevent resource
Fix incorrect locking in networking stack.
Jun 18 2019
Jun 18 2019
Add the ability to switch the uarch flag to keep 12.0 from breaking.
Jun 17 2019
Jun 17 2019
D20392: random(4): Add regression tests for uint128 implementation, Chacha CTR is now accepted and ready to land.
This looks straightforward. Approved.
Jun 14 2019
Jun 14 2019
Jun 7 2019
Jun 7 2019
May 31 2019
May 31 2019
May 25 2019
May 25 2019
Switch logic in indexfiles to always remove the uarch flag.
Add limit for XZ_THREADS to the buildworld invocation.
Cleanup: Update EOL for 11.0-RELEASE to reflect reality.
gordon committed rS348264: Only fetch the iso (and hence overwrite) if the file isn't already there..
Only fetch the iso (and hence overwrite) if the file isn't already there.
Fix for newer versions of openssl.
May 15 2019
May 15 2019
Republish the SA-19:07.mds advisory due to 12.0-RELEASE i386 panic.
Bump patch revision for updated mds patches.
Correct a few small details in advisories.
Update version of MDS advisory
May 14 2019
May 14 2019
Done with the large patches.
Add SA-19:03 to SA-19:07 and EN-19:08 to EN-19:10.
I need to commit some large patches.
Bump newvers.sh and add UPDATING block.
Mitigations for Microarchitectural Data Sampling.
Mitigations for Microarchitectural Data Sampling.
Fix ICMP/ICMP6 packet filter bypass in pf.
Fix IPv6 fragment reassembly panic in pf
Update ntpd to 4.2.8p13 to fix authenticated denial of service.
Update ntpd to 4.2.8p13 to fix authenticated denial of service.
Update hostapd/wpa_supplicant to 2.8 to fix multiple vulnerabilities.
Update hostapd/wpa_supplicant to 2.8 to fix multiple vulnerabilities.
Fix insufficient filename validation in scp client
Fix partially matching relative paths in xinstall.
Mar 21 2019
Mar 21 2019
Strong agree on separating any whitespace commits from functional commits. This is especially important for security sensitive content.
Mar 9 2019
Mar 9 2019
Correct wording around '-' masks.
Mar 6 2019
Mar 6 2019
Feb 5 2019
Feb 5 2019
Add SA-19:01, SA-19:02, EN-19:06, and EN-19:07.
Jan 9 2019
Jan 9 2019
Correct wrong year in advisory text.
Hopefully I won't need this again.
Add EN-19:01 through EN-19:05.
The sqlite patch is large....
Dec 19 2018
Dec 19 2018
Add SA-18:15 and EN-18:16 through EN-18:18.
Dec 12 2018
Dec 12 2018
Adjust section for secteam.
gordon closed D17984: Update secteam.
Promote remko to Deputy.
Update core team liason to reflect brooks taking the job..
Forgot to add this to the commit message to auto-close. This was committed as r52684.
Dec 6 2018
Dec 6 2018
Based on conversation with brooks, this doesn't need an advisory. Local DoS are exempt from SAs and the information leak is very low quality.
Dec 4 2018
Dec 4 2018
Publish FreeBSD-SA-18:14.bhyve.
gordon committed rS341488: Fix insufficient bounds checking in bhyve(8) device model. [SA-18:14.bhyve].
Fix insufficient bounds checking in bhyve(8) device model. [SA-18:14.bhyve]
gordon committed rS341487: Fix insufficient bounds checking in bhyve(8) device model. [SA-18:14.bhyve].
Fix insufficient bounds checking in bhyve(8) device model. [SA-18:14.bhyve]
Always treat firmware request and response sizes as unsigned.
Nov 27 2018
Nov 27 2018
Add SA-18:13 and EN-18:13 through EN-18:15.
Fix deferred kernel loading breaks loader password. [EN-18:15.loader]
Timezone database information update. [EN-18:14.tzdata]
Fix ICMP buffer underwrite. [EN-18:13.icmp]
Fix multiple vulnerabilities in NFS server code. [SA-18:13.nfs]
Nov 14 2018
Nov 14 2018
Oct 25 2018
Oct 25 2018
gordon resigned from D4964: Protect calls to explicit_bzero() via by explicitly disabling the link-time and other optimizations that can cause code elimination..
I don't know enough to review this request. Maybe delphij, emaste or one of the other secteam members has more domain experience here.
Oct 24 2018
Oct 24 2018
Approved based on timeout from delphij.
Oct 20 2018
Oct 20 2018
I have no objection. I'm not sure I'm qualified to weigh in on it. If markm is okay with it, then I would go ahead with it.
Logic looks reasonable to me. I have only read through the logic, not tested it myself.
Sep 27 2018
Sep 27 2018
Add errata notices EN-18:09 through EN-18:12
Check to ensure the buffer returned is not NULL.
gordon committed rS338986: There are various cases where we modify the inp_vflag and inp_inc.inc_flags.
There are various cases where we modify the inp_vflag and inp_inc.inc_flags
gordon committed rS338985: There are various cases where we modify the inp_vflag and inp_inc.inc_flags.
There are various cases where we modify the inp_vflag and inp_inc.inc_flags
Clear stack allocated data structure to prevent kernel memory leak.
Fix small kernel memory disclosures. [EN-18:12.mem]
Fix DoS in listen syscall over IPv6 socket. [EN-18:11.listen]
Fix NULL pointer dereference in freebsd4_getfsstat. [EN-18:10.syscall]
Fix regression in IPv6 fragment reassembly. [EN-18:09.ip]
Sep 12 2018
Sep 12 2018
Fix regression in Lazy FPU remediation. [EN-18:08.lazyfpu]
Fix improper elf header parsing. [SA-18:12.elf]
Correct ELF header parsing code to prevent invalid ELF sections from
Aug 24 2018
Aug 24 2018
gordon added a comment to D16873: Limit the harvest rate of "fast" entropy for random(4) so as not to overload the system..
Aug 23 2018
Aug 23 2018
Add secteam instead of just me.
Jun 21 2018
Jun 21 2018
Add today's advisory and notices.
Fix TLB shootdown for Xen based guests. [EN-18:07.pmap]
Fix Lazy FPU information disclosure. [SA-18:07.lazyfpu]
May 20 2018
May 20 2018
Remove references to Perforce from the website.
May 12 2018
May 12 2018
Address feedback from bjk.