[545] in bugtraq
Re: Re: Re: Re: Sun Patch Id #102060-01
daemon@ATHENA.MIT.EDU (Mark Graff )
Tue Dec 20 18:11:13 1994
Date: Tue, 20 Dec 1994 11:18:53 -0800
From: Mark.Graff@Eng.Sun.COM ( Mark Graff )
To: bugtraq@fc.net, pwh@bradley.bradley.edu
I don't have yet an "official", releasable list of security patches that
were integrated into 4.1.4. But I do know that the pre-FCS version that
I tested in early September had *every* 4.1.x security patch integrated
into it.
Now that's not official. But I can't think of any reason why one would
have been pulled after I signed off on my part.
It sure stinks that the software we send out has that many bugs. But hey,
this is the first release that (so far as I am aware, remember) actually
has all of the known security patches in it. There are a few folks here who
worked real hard to make that happen. It's a kind of progress.
I've got a couple of queries out, trying to pull in a copy of the
official list. If I get it soon and I can release it I'll post it here.
No promises, this is a short week.
-mg-
From bugtraq-owner@fc.net Tue Dec 20 11:03:34 1994
Date: Tue, 20 Dec 94 11:07:34 -0600
To: bugtraq@fc.net
Subject: Re: Re: Re: Re: Sun Patch Id #102060-01
Precedence: bulk
>> >> 4.1.4 ??? I thought that 4.1.3_U1b was to be the very last release
>> >> of sunos4...
>> The people I spoke with were quick to point out that you don't buy
>> much over Solaris 1.1.1_U1 except to have a kernel for new HyperSparc
>> machines. Notably, I was told that it doesn't have the patches integrated
>> into it, just along in a subdirectory on the CDROM.
>Not what I heard from Mark Graff (A SUN Internal Security guy).
>He indicates that the patches are integrated. Now I have no
>personal knowledge of this yet.
Several people have told me this, as well as the fact that the
name resolver is based on a newer version of BIND (4.8.3 from
memory, but that may be wrong) as well.
I guess the CE I was talking to was not quite up on things, though
that seems atypical for him.
