|Summary:||Freeze attacks against freebsd-update(8)|
|Product:||Base System||Reporter:||David <david.i.noel>|
|Component:||bin||Assignee:||freebsd-bugs mailing list <bugs>|
|Severity:||Affects Only Me||CC:||emaste|
Description David 2014-04-10 17:50:00 UTC
freebsd-update is vulnerable to freeze attacks. Fix: Solution summary: the server-side inclusion of date-stamps, and strict client-side enforcement of expiration policies would mitigate this attack vector.
Comment 1 Mark Linimon 2014-04-14 00:27:34 UTC
Responsible Changed From-To: freebsd-bugs->cperciva Over to maintainer.
Comment 2 Eitan Adler 2018-05-28 19:42:30 UTC
batch change: For bugs that match the following - Status Is In progress AND - Untouched since 2018-01-01. AND - Affects Base System OR Documentation DO: Reset to open status. Note: I did a quick pass but if you are getting this email it might be worthwhile to double check to see if this bug ought to be closed.
Comment 3 Colin Percival 2019-03-12 23:00:16 UTC
Drop freebsd-update PRs which were assigned to me. I'm not working on this code any more.