Incoherence in libidn2 vulnerability

2019-11-18 Thread Andrea Venturoli
# pkg audit libidn2-2.2.0 is vulnerable: libidn2 -- roundtrip check vulnerability CVE: CVE-2019-12290 WWW: https://vuxml.FreeBSD.org/freebsd/f04f840d-0840-11ea-8d66-75d3253ef913.html Opening the link, I find: GNU libidn2 *before* 2.2.0 fails... Which is right? Is 2.2.0

Re: [Bug 233475] www/gitea: Update to 1.6.0 (Fixes security vulnerability)

2018-11-26 Thread Stefan Bethke
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233475 > > Bernhard Froehlich changed: > > What|Removed |Added > > Status|New |Closed >

Re: net-p2p/transmission-daemon vulnerability

2018-01-11 Thread Chris Rees
Please excuse the earlier blank mail- Android Gmail being moronic again :( Hello all, I've just been alerted to an issue with transmission, but only the daemon. Basically, you can fool it into believing that a remote host is localhost, and can therefore break in to it. This is an issue if

net-p2p/transmission-daemon vulnerability

2018-01-11 Thread Chris Rees
___ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Vulnerability

2017-07-01 Thread Jos Chrispijn
On 30-6-2017 at 18:23, Carlos Jacobo Puga Medina wrote: I have submitted a patch to update libgcrypt to 1.7.8 (still pending for an exp-run) https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220382 You can grab the patch, apply and build the port. Thanks Carlos, appreciate your support.

Re: Vulnerability

2017-06-30 Thread Carlos Jacobo Puga Medina
Hi, > Sent: Friday, 30 June 2017 at 18:04 > From: "Jos Chrispijn" <bsdpo...@cloudzeeland.nl> > To: "FreeBSD Ports ML" <freebsd-ports@freebsd.org>, c...@freebsd.org > Subject: Vulnerability > > Dear port maintainer, > > Just to l

Re: Vulnerability

2017-06-30 Thread Adam Weinberger
> On 30 Jun, 2017, at 10:04, Jos Chrispijn wrote: > > Dear port maintainer, > > Just to let you know that I ran into the following vulnerability report: > > libgcrypt-1.7.7 is vulnerable: > libgcrypt -- side-channel attack on RSA secret keys > CVE: CVE-2017-7526 >

Vulnerability

2017-06-30 Thread Jos Chrispijn
Dear port maintainer, Just to let you know that I ran into the following vulnerability report: libgcrypt-1.7.7 is vulnerable: libgcrypt -- side-channel attack on RSA secret keys CVE: CVE-2017-7526 WWW:https://vuxml.FreeBSD.org/freebsd/ed3bf433-5d92-11e7-aa14-e8e0b747a45a.html Could you send

Re: mariadb101-server vulnerability?

2016-08-08 Thread Michael Grimm
On 2016-08-08 12:02, Bernard Spil wrote: The CVE's mention MariaDB where applicable. Added versions where these vulns were fixed for MariaDB. PerconaDB follows the MySQL release numbering and has also received updates so I added version checks there as well. See

Re: mariadb101-server vulnerability?

2016-08-08 Thread Mark Felder
;>> > >>> > Kubilay Kocak <ko...@freebsd.org> wrote: >>> > >>> >> Unfortunately you are yet one more example of a user that's been left in >>> >> the lurch without information or recourse wondering (rightfully) how >>> >> they can re

Re: mariadb101-server vulnerability?

2016-08-08 Thread Bernard Spil
in >> the lurch without information or recourse wondering (rightfully) how >> they can resolve or mitigate this vulnerability. Our apologies. > > While we are that topic, I am wondering about that 14 days old warning, as well: > >mariadb101-server-10.1.16 is vulnerable: >M

Re: mariadb101-server vulnerability?

2016-08-06 Thread Mark Felder
the lurch without information or recourse wondering (rightfully) how > >> they can resolve or mitigate this vulnerability. Our apologies. > > > > While we are that topic, I am wondering about that 14 days old warning, as > > well: > > > > mariadb101-ser

Re: mariadb101-server vulnerability?

2016-08-06 Thread Kubilay Kocak
On 6/08/2016 7:23 AM, Michael Grimm wrote: > Hi — > > Kubilay Kocak <ko...@freebsd.org> wrote: > >> Unfortunately you are yet one more example of a user that's been left in >> the lurch without information or recourse wondering (rightfully) how >> they can re

Re: tiff vulnerability in ports?

2016-08-06 Thread Matthew Seaman
On 06/08/2016 04:39, alphachi wrote: > Any update doesn't still land on ports tree, but now "pkg audit -F" won't > report graphics/tiff is vulnerable. There has been a revised judgement about the gif2tiff program, in that while it can be made to crash by a specially crafted gif file, that does

Re: tiff vulnerability in ports?

2016-08-05 Thread Kevin Oberman
re 4.0.7 is affected, but >> >>> apparently that version hasn't been released yet (according to >> >>> http://www.remotesensing.org/libtiff/, the latest stable release is >> still >> >>> 4.0.6). >> >>> >> >>> Anyone know what's

Re: tiff vulnerability in ports?

2016-08-05 Thread Kevin Oberman
ng.org/libtiff/, the latest stable release is > still > >>> 4.0.6). > >>> > >>> Anyone know what's going on? Is there a release upcoming to fix this? > > > > Yeah -- this vulnerability: > > > > https://vuxml.freebsd.org/freebsd/c17

mariadb101-server vulnerability? (was: tiff vulnerability in ports?)

2016-08-05 Thread Michael Grimm
Hi — Kubilay Kocak <ko...@freebsd.org> wrote: > Unfortunately you are yet one more example of a user that's been left in > the lurch without information or recourse wondering (rightfully) how > they can resolve or mitigate this vulnerability. Our apologies. While we are t

Re: tiff vulnerability in ports?

2016-08-05 Thread Kubilay Kocak
ore 4.0.7 is affected, but >>> apparently that version hasn't been released yet (according to >>> http://www.remotesensing.org/libtiff/, the latest stable release is still >>> 4.0.6). >>> >>> Anyone know what's going on? Is there a release upcoming to fix this?

Re: tiff vulnerability in ports?

2016-08-05 Thread Matthew Seaman
>> http://www.remotesensing.org/libtiff/, the latest stable release is still >> 4.0.6). >> >> Anyone know what's going on? Is there a release upcoming to fix this? Yeah -- this vulnerability: https://vuxml.freebsd.org/freebsd/c17fe91d-4aa6-11e6-a7bd-14dae9d210b8.html

Re: graphics/ImageMagick vulnerability status?

2016-05-10 Thread Steven Hartland
Really doesn't help that they keep revising the fix, 3 releases in 6 days, latest version actually being 6.9.4-1 :( On 10/05/2016 15:09, Stefan Bethke wrote: Hey, according to https://www.imagemagick.org/discourse-server/viewtopic.php?f=4=29588, a release 6.9.4-0 should be out that improves

graphics/ImageMagick vulnerability status?

2016-05-10 Thread Stefan Bethke
Hey, according to https://www.imagemagick.org/discourse-server/viewtopic.php?f=4=29588, a release 6.9.4-0 should be out that improves the situation significantly. It appears that graphics/ImageMagick is at 6.9.3. It would be nice if people who follow ImageMagick more closely than me could

Re: openoffice vulnerability?

2015-05-16 Thread George Mitchell
On 05/15/15 07:11, George Mitchell wrote: Nightly security report sez: Checking for packages with security vulnerabilities: Database fetched: Thu May 14 03:10:05 EDT 2015 apache-openoffice-4.1.1_9 [...] And now Don Lewis has removed this erroneous entry from the data base of

openoffice vulnerability?

2015-05-15 Thread George Mitchell
: Add a patch to fix the HWP filter vulnerability documented in CVE-2015-1774 and http://www.openoffice.org/security/cves/CVE-2015-1774.html Approved by:mat (mentor) MFH:2015Q2 Security: b13af778-f4fc-11e4-a95d-ac9e174be3af Differential Revision: https

Vulnerability on Tomcat 6.x (6.0.42) and 7.x (7.0.55) and 8.x (8.0.9)

2015-02-16 Thread Rodrigo Osorio
Hi, A CVE-2014-0227 was released yesterday about possible DOS attacks on apache tomcat. Updates are available on the website[2]. Cheers, - rodrigo [1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0227 [2] http://tomcat.apache.org/security-7.html

Re: Vulnerability on Tomcat 6.x (6.0.42) and 7.x (7.0.55) and 8.x (8.0.9)

2015-02-16 Thread Kurt Jaeger
Hi! A CVE-2014-0227 was released yesterday about possible DOS attacks on apache tomcat. Updates are available on the website[2]. ale@ updated the ports. -- p...@opsec.eu+49 171 3101372 5 years to go !

Re: portaudit: Wrong vulnerability information for devel/dbus

2013-06-14 Thread Frank Broniewski
On 2013-06-14 06:19, RyōTa SimaMoto wrote: Hi, portaudit rejects the latest version (1.6.12) of devel/dbus because the acceptable version is set higher (1.16.12) than it. http://portaudit.FreeBSD.org/4e9e410b-d462-11e2-8d57-080027019be0.html

portaudit: Wrong vulnerability information for devel/dbus

2013-06-13 Thread RyōTa SimaMoto
Hi, portaudit rejects the latest version (1.6.12) of devel/dbus because the acceptable version is set higher (1.16.12) than it. http://portaudit.FreeBSD.org/4e9e410b-d462-11e2-8d57-080027019be0.html

Re: Opera vulnerability, marked forbidden instead of update?

2012-12-01 Thread Jakub Lach
this message in context: http://freebsd.1045724.n5.nabble.com/Opera-vulnerability-marked-forbidden-instead-of-update-tp5763426p5765785.html Sent from the freebsd-ports mailing list archive at Nabble.com.

Re: Opera vulnerability, marked forbidden instead of update?

2012-11-24 Thread Greg Byshenk
On Fri, 23 Nov 2012 09:00:59 + Matthew Seaman matt...@freebsd.org wrote: On 23/11/2012 08:26, Matthieu Volat wrote: I've noticed that www/opera was marked FORBIDDEN because of a security hole: http://www.freebsd.org/cgi/getmsg.cgi?fetch=614275+0+current/svn-ports-head The opera

Opera vulnerability, marked forbidden instead of update?

2012-11-23 Thread Matthieu Volat
Hello, I've noticed that www/opera was marked FORBIDDEN because of a security hole: http://www.freebsd.org/cgi/getmsg.cgi?fetch=614275+0+current/svn-ports-head The opera software company advisory indeed marks this bug as high severity, and mentions that there is an update to fix it. I am not

Re: Opera vulnerability, marked forbidden instead of update?

2012-11-23 Thread Matthew Seaman
On 23/11/2012 08:26, Matthieu Volat wrote: I've noticed that www/opera was marked FORBIDDEN because of a security hole: http://www.freebsd.org/cgi/getmsg.cgi?fetch=614275+0+current/svn-ports-head The opera software company advisory indeed marks this bug as high severity, and mentions that

Re: Opera vulnerability, marked forbidden instead of update?

2012-11-23 Thread ajtiM
On Friday 23 November 2012 03:00:59 Matthew Seaman wrote: On 23/11/2012 08:26, Matthieu Volat wrote: I've noticed that www/opera was marked FORBIDDEN because of a security hole: http://www.freebsd.org/cgi/getmsg.cgi?fetch=614275+0+current/svn-ports-head The opera software company

Re: Opera vulnerability, marked forbidden instead of update?

2012-11-23 Thread Matthieu Volat
On Fri, 23 Nov 2012 09:00:59 + Matthew Seaman matt...@freebsd.org wrote: On 23/11/2012 08:26, Matthieu Volat wrote: I've noticed that www/opera was marked FORBIDDEN because of a security hole: http://www.freebsd.org/cgi/getmsg.cgi?fetch=614275+0+current/svn-ports-head The opera

Re: Python upgrade to address vulnerability?

2012-02-15 Thread Ruslan Mahmatkhanov
Doug Barton wrote on 15.02.2012 02:20: So apparently we have a python vulnerability according to http://portaudit.FreeBSD.org/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html, but I'm not seeing an upgrade to address it yet. Any idea when that will happen? Thanks, Doug Patch is there: http

Re: Python upgrade to address vulnerability?

2012-02-15 Thread wen heping
2012/2/15 Ruslan Mahmatkhanov cvs-...@yandex.ru Doug Barton wrote on 15.02.2012 02:20: So apparently we have a python vulnerability according to http://portaudit.FreeBSD.org/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html

Re: Python upgrade to address vulnerability?

2012-02-15 Thread Ruslan Mahmatkhanov
wen heping wrote on 15.02.2012 14:16: 2012/2/15 Ruslan Mahmatkhanov cvs-...@yandex.ru Doug Barton wrote on 15.02.2012 02:20: So apparently we have a python vulnerability according to http://portaudit.FreeBSD.org/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html

Re: Python upgrade to address vulnerability?

2012-02-15 Thread wen heping
2012/2/15 Ruslan Mahmatkhanov cvs-...@yandex.ru wen heping wrote on 15.02.2012 14:16: 2012/2/15 Ruslan Mahmatkhanov cvs-...@yandex.ru Doug Barton wrote on 15.02.2012 02:20: So apparently we have a python vulnerability according to http://portaudit.FreeBSD.org/b4f8be9e-56b2-11e1

Python upgrade to address vulnerability?

2012-02-14 Thread Doug Barton
So apparently we have a python vulnerability according to http://portaudit.FreeBSD.org/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html, but I'm not seeing an upgrade to address it yet. Any idea when that will happen? Thanks, Doug -- It's always a long day; 86400 doesn't fit into a short

[joernc...@phenoelit.de: [Full-disclosure] Advisory: sudo 1.8 Format String Vulnerability]

2012-01-30 Thread Jason Hellenthal
] Advisory: sudo 1.8 Format String Vulnerability User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:9.0) Gecko/20111224 Thunderbird/9.0.1 Hi, FYI, see attached. cheers, joernchen -- joernchen ~ Phenoelit joernc...@phenoelit.de ~ C776 3F67 7B95 03BF 5344 http://www.phenoelit.de ~ A46A 7199 8B7B

Re: ports/155355: mail/mailman: XXS vulnerability affecting Mailman 2.1.14 and prior

2011-03-07 Thread Wesley Shields
I'm going to be traveling from 3/8 through 3/9. If anyone can get to this before I return please feel free to commit as necessary.

Re: PHP52 vulnerability

2011-03-03 Thread Michael Scheidell
I question the vulnerability. I don't think it applies. the alert is from 2006, and there isn't a POC I have tested against php52- 5.2.17 with nulls in it that seems to trigger anything but 404 errors. (please don't try on ours... this is not a challenge. but if you have a POC, let me know

Re: PHP52 vulnerability

2011-03-03 Thread Xin LI
Hi, On Thu, Mar 3, 2011 at 12:09 PM, Andrea Venturoli m...@netfence.it wrote: Hello. As you probably know, it looks like php52 is vulnerable: Affected package: php52-5.2.17 Type of problem: php -- NULL byte poisoning. Reference:

Re: fixing the vulnerability in linux-f10-pango-1.22.3_1

2011-02-18 Thread Alexander Leidinger
, the procedure above would have to be put into a shell script for a willing committer to repeat. Every time this vulnerability comes up at ports@ or emulation@, some committer asks for a (trusted) rpm to fix it. Thus, there might be one. There was another person doing something similar too. I got

Re: fixing the vulnerability in linux-f10-pango-1.22.3_1

2011-02-14 Thread Tom Uffner
That mail went unanswered (at least as far as the mailing list archive goes). Probably, the procedure above would have to be put into a shell script for a willing committer to repeat. Every time this vulnerability comes up at ports@ or emulation@, some committer asks for a (trusted) rpm to fix it. Thus

Re: fixing the vulnerability in linux-f10-pango-1.22.3_1

2011-02-14 Thread Rob Farmer
On Mon, Feb 14, 2011 at 8:45 AM, Tom Uffner t...@uffner.com wrote: would a src-rpm verifiably generated from the Fedora 10 src-rpm (or the pango project tarball) and the RHEL 5 patch solve this? I may not have a Reputation, but I've been around since 4.1BSD and a search of the tree and the PRs

Re: fixing the vulnerability in linux-f10-pango-1.22.3_1

2011-02-14 Thread Luchesar V. ILIEV
://lists.freebsd.org/pipermail/freebsd-emulation/2010-December/008264.html That mail went unanswered (at least as far as the mailing list archive goes). Probably, the procedure above would have to be put into a shell script for a willing committer to repeat. Every time this vulnerability comes up

fixing the vulnerability in linux-f10-pango-1.22.3_1

2011-02-13 Thread Tom Uffner
is there any point in trying to update linux-f10-pango to address this vulnerability? Affected package: linux-f10-pango-1.22.3_1 Type of problem: pango -- integer overflow. Reference: http://portaudit.FreeBSD.org/4b172278-3f46-11de-becb-001cc0377035.html I realize that I can install it w

Re: fixing the vulnerability in linux-f10-pango-1.22.3_1

2011-02-13 Thread Matthias Andree
On 13.02.2011 22:53, Tom Uffner wrote: is there any point in trying to update linux-f10-pango to address this vulnerability? Affected package: linux-f10-pango-1.22.3_1 Type of problem: pango -- integer overflow. Reference: http://portaudit.FreeBSD.org/4b172278-3f46-11de-becb-001cc0377035

apr vulnerability

2010-10-28 Thread Andrea Venturoli
On one of the servers I manage, portaudit claims: portaudit Affected package: apr-0.9.19.0.9.19 Type of problem: apr -- multiple vulnerabilities. Reference: http://portaudit.FreeBSD.org/eb9212f7-526b-11de-bbf2-001b77d09812.html Following the above links, I find that apr1.3.5.1.3.7 is involved.

Re: apr vulnerability

2010-10-28 Thread Philip M. Gollucci
On 10/28/10 07:29, Andrea Venturoli wrote: On one of the servers I manage, portaudit claims: portaudit Affected package: apr-0.9.19.0.9.19 Type of problem: apr -- multiple vulnerabilities. Reference:

Re: linux-f10-pango security vulnerability

2010-02-09 Thread Peter Jeremy
On 2010-Feb-08 18:05:43 -0800, Paul Pathiakis pathia...@yahoo.com wrote: /usr/ports/x11-toolkits/linux-f10-pango still has a security vulnerability and means that no one can build the linux port to install linux-f10-flashplugin. Not good. Please fix asap. FreeBSD is maintained by volunteers

Re: linux-f10-pango security vulnerability

2010-02-09 Thread Paul Pathiakis
. It is enterprise class. Ending my rant Paul From: Peter Jeremy peterjer...@acm.org To: Paul Pathiakis pathia...@yahoo.com Cc: po...@freebsd.org Sent: Tue, February 9, 2010 2:56:33 PM Subject: Re: linux-f10-pango security vulnerability On 2010-Feb-08 18:05:43 -0800, Paul

linux-f10-pango security vulnerability

2010-02-08 Thread Paul Pathiakis
Hi, /usr/ports/x11-toolkits/linux-f10-pango still has a security vulnerability and means that no one can build the linux port to install linux-f10-flashplugin. Not good. Please fix asap. Thank you! Paul Pathiakis

Re: linux-f10-pango security vulnerability

2010-02-08 Thread jhell
On Mon, 8 Feb 2010 21:05, pathiaki2@ wrote: Hi, /usr/ports/x11-toolkits/linux-f10-pango still has a security vulnerability and means that no one can build the linux port to install linux-f10-flashplugin. Not good. Please fix asap. Thank you

Re: linux-f10-pango security vulnerability

2010-02-08 Thread jhell
On Tue, 9 Feb 2010 01:00, jhell@ wrote: On Mon, 8 Feb 2010 21:05, pathiaki2@ wrote: Hi, /usr/ports/x11-toolkits/linux-f10-pango still has a security vulnerability and means that no one can build the linux port to install linux-f10-flashplugin. Not good. Please fix asap. Thank you

Re: ports/138698: lang/php5: PHP session.save_path vulnerability

2009-09-19 Thread miwi
Synopsis: lang/php5: PHP session.save_path vulnerability Responsible-Changed-From-To: freebsd-ports-ale Responsible-Changed-By: miwi Responsible-Changed-When: Sat Sep 19 18:35:31 UTC 2009 Responsible-Changed-Why: over to php maintainer http://www.freebsd.org/cgi/query-pr.cgi?pr=138698

Re: ports/138698: lang/php5: PHP session.save_path vulnerability

2009-09-13 Thread Maciej Andziński
The following reply was made to PR ports/138698; it has been noted by GNATS. From: Maciej =?ISO-8859-2?Q?Andzi=F1ski?= andzi...@volt.iem.pw.edu.pl To: Miroslav Lachman 000.f...@quip.cz Cc: bug-follo...@freebsd.org Subject: Re: ports/138698: lang/php5: PHP session.save_path vulnerability Date: Sun

Re: ports/138698: lang/php5: PHP session.save_path vulnerability

2009-09-10 Thread remko
Old Synopsis: PHP session.save_path vulnerability New Synopsis: lang/php5: PHP session.save_path vulnerability Responsible-Changed-From-To: freebsd-www-freebsd-ports Responsible-Changed-By: remko Responsible-Changed-When: Thu Sep 10 10:24:18 UTC 2009 Responsible-Changed-Why: reassign to ports

Re: ports/138698: lang/php5: PHP session.save_path vulnerability

2009-09-10 Thread Miroslav Lachman
The following reply was made to PR ports/138698; it has been noted by GNATS. From: Miroslav Lachman 000.f...@quip.cz To: bug-follo...@freebsd.org, andzi...@volt.iem.pw.edu.pl Cc: Subject: Re: ports/138698: lang/php5: PHP session.save_path vulnerability Date: Thu, 10 Sep 2009 13:14:32 +0200 I

Re: ports/138698: lang/php5: PHP session.save_path vulnerability

2009-09-10 Thread Maciej Andzinski
The following reply was made to PR ports/138698; it has been noted by GNATS. From: Maciej Andzinski andzi...@volt.iem.pw.edu.pl To: Miroslav Lachman 000.f...@quip.cz Cc: bug-follo...@freebsd.org Subject: Re: ports/138698: lang/php5: PHP session.save_path vulnerability Date: Thu, 10 Sep 2009 13:58

Re: ports/138698: lang/php5: PHP session.save_path vulnerability

2009-09-10 Thread Miroslav Lachman
The following reply was made to PR ports/138698; it has been noted by GNATS. From: Miroslav Lachman 000.f...@quip.cz To: bug-follo...@freebsd.org, andzi...@volt.iem.pw.edu.pl Cc: Subject: Re: ports/138698: lang/php5: PHP session.save_path vulnerability Date: Thu, 10 Sep 2009 20:49:14 +0200

Re: ports/138698: lang/php5: PHP session.save_path vulnerability

2009-09-10 Thread piotr . smyrak
session.save_path vulnerability Date: Thu, 10 Sep 2009 20:49:14 +0200 Yes, it is clear now and with owner root, it works. I propose to make this optional, as somebody has /tmp optimized for better speed (another disk device, flash device, RAM disk etc.) but not /var/lib/php5. And FreeBSD

ffmpeg vulnerability

2009-02-12 Thread Mark Foster
(Resending, I did not see it posted earlier) ffmpeg has 3 announced vulnerabilities in this past month. Here is the latest... 09.6.23 CVE: Not Available Platform: Cross Platform Title: FFmpeg libavformat/4xm.c Remote Code Execution Description: FFmpeg is an application used to record, convert,

Critical vulnerability patch need in BINDx ports

2008-07-09 Thread Dennis Yusupoff
Hello, Doug. I hope, you've already seen patch for BINDx, that close critical vulnerability. Could you register it in your FreeBSD-port(s)? http://www.isc.org/index.pl?/sw/bind/index.php === Index: inet_network.c diff -u inet_network.c:1.5 inet_network.c:1.6 --- inet_network.c:1.5 Wed Apr 27 04

Re: Critical vulnerability patch need in BINDx ports

2008-07-09 Thread Doug Barton
Dennis Yusupoff wrote: Hello, Doug. I hope, you've already seen patch for BINDx, that close critical vulnerability. Could you register it in your FreeBSD-port(s)? That change is included in the versions of BIND already in the ports. Doug -- This .signature sanitized for your

Re: Critical vulnerability patch need in BINDx ports

2008-07-09 Thread Doug Barton
Xin LI wrote: This is for BIND8... Yeah, that too. :) No one should be running BIND 8 BTW, just in case that news has escaped your notice. Doug -- This .signature sanitized for your protection ___ freebsd-ports@freebsd.org mailing list

Re: Critical vulnerability patch need in BINDx ports

2008-07-09 Thread Xin LI
Doug Barton wrote: | Dennis Yusupoff wrote: | Hello, Doug. | | I hope, you've already seen patch for BINDx, that close critical | vulnerability. | Could you register it in your FreeBSD-port(s)? | | That change is included in the versions of BIND

Re[2]: Critical vulnerability patch need in BINDx ports

2008-07-09 Thread Dennis Yusupoff
Good day, Doug! DB Dennis Yusupoff wrote: Hello, Doug. I hope, you've already seen patch for BINDx, that close critical vulnerability. Could you register it in your FreeBSD-port(s)? DB That change is included in the versions of BIND already in the ports. DB This is for BIND8

Re: Critical vulnerability patch need in BINDx ports

2008-07-09 Thread Doug Barton
Xin LI wrote: Doug Barton wrote: | Dennis Yusupoff wrote: | Hello, Doug. | | I hope, you've already seen patch for BINDx, that close critical | vulnerability. | Could you register it in your FreeBSD-port(s)? | | That change is included in the versions of BIND already in the ports. Any plan

Re: awstats-6.5_1,1 is forbidden: Command Injection Vulnerability.

2006-08-04 Thread IOnut
On Wed, 2 Aug 2006 13:46:04 +0330 Babak Farrokhi [EMAIL PROTECTED] wrote: Hi, Awstats-devel (which has solved this security issue) is in GNATS waiting for submission (PR ports/100162). If nothing bad happens once again, I plan to dedicate all the upcoming weekend for committing the PRs I

awstats-6.5_1,1 is forbidden: Command Injection Vulnerability.

2006-08-02 Thread chevy
mail# pwd /usr/ports/www/awstats mail# make fetch === awstats-6.5_1,1 is forbidden: Command Injection Vulnerability. *** Error code 1 Stop in /usr/ports/www/awstats. please fix !! thank you ! -- Regards. Chevy

RE: awstats-6.5_1,1 is forbidden: Command Injection Vulnerability.

2006-08-02 Thread Babak Farrokhi
To: freebsd-ports@freebsd.org Subject: Re: awstats-6.5_1,1 is forbidden: Command Injection Vulnerability. On Wed, 2 Aug 2006 17:17:16 +0800 chevy [EMAIL PROTECTED] mentioned: mail# pwd /usr/ports/www/awstats mail# make fetch === awstats-6.5_1,1 is forbidden: Command Injection

Re: awstats-6.5_1,1 is forbidden: Command Injection Vulnerability.

2006-08-02 Thread chevy
-freebsd- [EMAIL PROTECTED] On Behalf Of Stanislav Sedov Sent: Wednesday, August 02, 2006 12:57 PM To: freebsd-ports@freebsd.org Subject: Re: awstats-6.5_1,1 is forbidden: Command Injection Vulnerability. On Wed, 2 Aug 2006 17:17:16 +0800 chevy [EMAIL PROTECTED] mentioned: mail# pwd

Re: Ruby vulnerability?

2006-07-30 Thread Sergey Matveychuk
Sergey Matveychuk wrote: Good. There are three patches there. I'll test if they fix the vulnerabilities. FYI The fixes were committed. -- Dixi. Sem.

Re: Ruby vulnerability?

2006-07-30 Thread Remko Lodder
Sergey Matveychuk wrote: Sergey Matveychuk wrote: Good. There are three patches there. I'll test if they fix the vulnerabilities. FYI The fixes were committed. Thanks a lot for the work Sergey! -- Kind regards, Remko Lodder ** [EMAIL PROTECTED] FreeBSD

Re: Ruby vulnerability?

2006-07-30 Thread Randy Pratt
On Sun, 30 Jul 2006 17:47:33 +0200 Frank Steinborn [EMAIL PROTECTED] wrote: Shaun Amott wrote: On Fri, Jul 28, 2006 at 03:03:43PM +1000, Joel Hatton wrote: FYI, Red Hat released an advisory today about a vulnerability in Ruby. So far it doesn't appear in the VuXML, but am I correct

Re: Ruby vulnerability?

2006-07-30 Thread Simon L. Nielsen
On 2006.07.30 17:47:33 +0200, Frank Steinborn wrote: Shaun Amott wrote: On Fri, Jul 28, 2006 at 03:03:43PM +1000, Joel Hatton wrote: FYI, Red Hat released an advisory today about a vulnerability in Ruby. So far it doesn't appear in the VuXML, but am I correct in presuming

Re: Ruby vulnerability?

2006-07-29 Thread 植田 裕之
Dear Sirs, CVE report is very unpleasant: Multiple unspecified vulnerabilities. Secunia has more professional report. RedHat is only vendor who released updates, but they are binary. So, there is no known fix now. Following information maybe help you: