Date:      Thu, 16 Jul 1998 11:58:01 -0400 (EDT)
From:      Matt Behrens <matt@megaweapon.zigg.com>
To:        Adrian Penisoara <ady@warpnet.ro>
Cc:        Steve Price <sprice@hiwaay.net>, imap-uw@freebsd.ady.ro, FreeBSD ports <freebsd-ports@FreeBSD.ORG>
Subject:   Re: imap-uw security hole -- please update port
Message-ID:  <Pine.BSF.3.96.980716115119.29675C-100000@megaweapon.zigg.com>
In-Reply-To: <Pine.BSF.3.96.980716182054.3069A-100000@ady.warpnet.ro>

OK guys, here's what I've got. :)

I don't know what the problem is.  Apparently Terry Gray from UW knows,
I'll ask him.  I did find out from
<http://www.washington.edu/imap/server-security.html> that the bug
affects the version we currently have in the port; i.e. anything before
July 12.

I don't think we need to change the structure of any of the ports.
pine should still install pine and imap-uw imap-uw.  I don't think the
tools would be needed, I never use them except imapd anyway.

Thanks a bunch.  You guys have been extremely helpful -- and fast! :)
I'll let you know what I find out.

On Thu, 16 Jul 1998, Adrian Penisoara wrote:

> Hi,
> 
> On Thu, 16 Jul 1998, Steve Price wrote:
> 
> > Hey, I won't worry if Matt doesn't. :)  If we don't install
> 
>  I'd still worry if Matty was happy and the sources were
> security-compromising... :)
> 
> > the imap tools does that satisfy your requirements Matt or
> > are you expecting them to be installed as part of pine4?
> 
>  Pine 3.96 & Pine 4.00 install only c-client library, pico (the Editor),
> Pilot (the file Browser) and Pine (the MUA); I believe this is what the
> average user expects -- if someone wants the mail daemons (ipop2d, ipop3d,
> imapd) then they will happily be served by the imap-uw port :)
> 
> > If so, would a *_DEPENDS on the imap-uw port work?  Of
> > course its build/install would have to be conditionalized
> > appropriately first of course.
> 
>  That wouldn't be necessary (if the POP/IMAP daemons build was expected)
> -- Pine 4.00 source tarball comes with the sources for these daemons
> already, *_DEPENDS should be used only to force using imap-uw's sources
> instead of what the pine port has; but I do repeat: the user
> doesn't/shouldn't expect the port to install anything else but what they
> come for and that's the Pine binaries; if they want the mail daemons they
> should go for imap-uw...
> 
>  What's your opinion, Matt ?
> 
> > 
> > Just out of curiosity why isn't the imap-uw port afflicted
> > by the same security problems mentioned on BUGTRAQ?
> 
>  I believe this is because only the newly released Pine 4.00 source
> tarball has the latest sources which have that security bug -- but this is
> just a supposition, it must be verified !
> 
>  And about that, could you dig up a bit more and tell me what exactly is
> this security compromise about or where can I find more about it, Matt ?
> Thanks !
> 
> > 
> > Steve
> > 
> > On Thu, 16 Jul 1998, Adrian Penisoara wrote:
> > 
> 
>  
>   Ady (@freebsd.ady.ro)
> 
> 

Matt Behrens <matt@zigg.com>
Founder and Chief Engineer, The OverNet Network
I eat Penguins for breakfast.

