I thought the handling of that issue was very strange. I notified CERT, who apparently coordinated with FreeBSD, but no one ever really responded. The closest thing to an advisory that I can find at all is my post:
Probably has a lot to do with timing. At the time of your report, the Security Officer was DES. Life happened, and he wasn't able to keep up or respond to events as quickly.
As of June, Xin Li (previously Deputy Security Officer) has taken over as security officer and things have been handled very promptly and succinctly.
In the future do not be afraid to bang a drum loudly or do whatever it takes to get people's attention. It's unfortunate this wasn't immediately acted upon, but the community is needed just as much as the core team to keep things on track.
Thanks again for airing it publicly; I know I'm glad my servers are patched now.
https://reviews.freebsd.org/rS275833
I thought the handling of that issue was very strange. I notified CERT, who apparently coordinated with FreeBSD, but no one ever really responded. The closest thing to an advisory that I can find at all is my post:
http://www.openwall.com/lists/oss-security/2015/07/09/1
which contains a PoC that crashes the system. It's almost certainly possible to turn it into privilege escalation, though.
Go figure. I suspect that the security community just doesn't pay as much attention to FreeBSD as they do to Linux.