Date: Mon, 18 Sep 2006 22:07:38 -0400 From: Kris Kennaway <kris@obsecurity.org> To: Fred Cox <sailorfred@yahoo.com> Cc: freebsd-ports@freebsd.org Subject: Re: www/dotproject out of date and vulnerable Message-ID: <20060919020738.GA16953@xor.obsecurity.org> In-Reply-To: <20060919020002.59668.qmail@web31815.mail.mud.yahoo.com> References: <20060919020002.59668.qmail@web31815.mail.mud.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--vtzGhvizbBRQ85DL Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Sep 18, 2006 at 07:00:02PM -0700, Fred Cox wrote: > www/dotproject is still 2.0.2, even though 2.0.4 came > out in June to address an XSS vulnerability. See > http://www.dotproject.net/ for details. >=20 > I've sent mail to the maintainer and the contact for > portaudit, with no response in over 2 weeks and 1 week > respectively. Portaudit does not report any problem > with dotproject. >=20 > What's the next step? If you submit the update as a PR, it can be committed under maintainer timeout. Kris --vtzGhvizbBRQ85DL Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFD1DqWry0BWjoQKURAu0SAJsFusZS5TSVmIlxLxO9a64Xou3pQgCfeCEs mSAhLZuzcWcdnFlrPW3VMi0= =Fy2L -----END PGP SIGNATURE----- --vtzGhvizbBRQ85DL--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060919020738.GA16953>