On 20/11/12 12:15, Gary Palmer wrote: > On Tue, Nov 20, 2012 at 10:49:13AM +0000, John Bayly wrote: >> Regarding the 2012 compromise, I'm a little confused as to what was and >> wasn't affected: >> >> >From the release: >>> or of any ports compiled from trees obtained via any means other than >>> through svn.freebsd.org or one of its mirrors >> Does that mean that any ports updated using the standard "portsnap >> fetch" may have been affected, I'm guessing yes. >> > " We have also verified that the most recently-available portsnap(8) snapshot matches the ports Subversion repository, and so can be fully trusted. " I suppose that implies that the previous portsnap snapshots couldn't be [completely] trusted. Basically I wanted to know whether I had to go through all the ports I've updated from the snapshots within the given time frame and to a portupgrade --force on them. In the end I decided yes (luckily it's only on a single box) _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"