Dear all, Browsing through the securityfocus vulnerability database I found two items, that might interesting for the FreeBSD community: 1. GNU GNATS Syslog() Format String Vulnerability http://www.securityfocus.com/bid/10609 GNATS is vital part of the PR handling of FreeBSD. I think security officers should contact developers of GNU GNATS about this issue to resolve the potential problem. 2. gzip: Insecure creation of temporary files http://www.securityfocus.com/bid/10603 In reality this affects only znew and gzexe only gzip version prior 1.3.3-r4 I am not quite sure about the whether this vulnerability exist in the current gzip 1.2.4, that is used in FreeBSD. According to the gzip page: http://www.gzip.org - new official version will be posted soon.... Are there any plan to go forward gzip 1.3 ? Best Regards, Janos Mohacsi Network Engineer, Research Associate NIIF/HUNGARNET, HUNGARY Key 00F9AF98: 8645 1312 D249 471B DBAE 21A2 9F52 0D1F 00F9 AF98 _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"