Diffusion FreeBSD src repository - subversion rS71982

A recent commit (1.131.2.13) removed the security fix associated with
rS71982Unpublished
Actions

Unpublished Commit · Learn More

No further details are available.

Description

A recent commit (1.131.2.13) removed the security fix associated with
FreeBSD-SA-01:08, breaking the "established" TCP matching flag even
more than it was prior to the security advisory. Reinstate the fix by
restoring the conditional assocated with entering tcpflg_match().

Reported by a number of people via send-pr, security-officer,
et al., including:

Steven Farmer <steve@megahack.com>
Bernd Luevelsmeyer <bdluevel@heitec.net>
Andrew Gordon <arg@arg1.demon.co.uk>

Thanks to those people for bringing this to our attention in such a
timely manner. An updated advisory and/or announcement to the
freebsd-stable mailing list will be forthcoming, once all parties have
confirmed that this resolves the problems they were experiencing.

PR: 24833
Approved by: security-officer
Slap on the wrist to: luigi

Details

Provenance

rwatson

Authored on

Parents

rS71981: MFC (1.23): Add support for PC-card router configuration. (MFPAO)

Branches

Unknown

Tags

Unknown

Event Timeline

Changes (1)

Path

Size

stable/

sys/

netinet/

ip_fw.c

rS71982

View Options

stable/4/sys/netinet/ip_fw.c

A recent commit (1.131.2.13) removed the security fix associated withrS71982UnpublishedActions