Date: Fri, 4 Jan 2013 22:38:53 +0000 From: "Simon L. B. Nielsen" <simon@FreeBSD.org> To: freebsd-stable@FreeBSD.org, freebsd-ports@freebsd.org Cc: "FreeBSD.org clusteradm" <clusteradm@FreeBSD.org>, FreeBSD Security Team <secteam@FreeBSD.org> Subject: FreeBSD wiki offline for a bit Message-ID: <CAC8HS2GBmkAFE-n00VRYFr=2F0vknjFHNr6OHUK=pHGwbJdqTw@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hey, Due to a security issue in the moinmoin wiki software, the FreeBSD wiki will be offline for a bit. I do not yet know if the issue actually has been exploited in the FreeBSD wiki (haven't had the time yet to examine it), but I took the wiki down just in case. Note that even if the software was compromised, it was considered untrusted from the start and as such heavily sandboxed (including jailed) to keep it away from any sensitive FreeBSD.org parts, so there is absolutely no reason to believe a compromise would go any further than the wiki itself. I hope to have the wiki back within 24 hours, assuming not too much gets in the way. For further reference see: http://moinmo.in/SecurityFixes and http://permalink.gmane.org/gmane.linux.debian.devel.announce/1754 . PS. this is entirely unrelated to the 2012 November FreeBSD.org compromise. -- Simon L. B. Nielsen Hat: FreeBSD clusteradm / FreeBSD Security Officer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAC8HS2GBmkAFE-n00VRYFr=2F0vknjFHNr6OHUK=pHGwbJdqTw>