FreeBSD Security Advisory – A local user can read files which have been updated by freebsd-update(8), even if those files have permissions which would normally not allow users to read them. In particular, on systems which have been upgraded using ‘freebsd-update upgrade’, local users can read freebsd-update’s backed-up copy of the master password file.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/83416/FreeBSD-SA-09-17.freebsd-update.txt
Source: https://packetstormsecurity.com/files/83416/FreeBSD-Security-Advisory-freebsd-update.html