From nobody Mon Dec 8 18:48:31 2025 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4dQ9x641RFz6KCRQ for ; Mon, 08 Dec 2025 18:48:42 +0000 (UTC) (envelope-from hello@bacula-web.org) Received: from mail-24421.protonmail.ch (mail-24421.protonmail.ch [109.224.244.21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "protonmail.com", Issuer "R13" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4dQ9x41jVnz3ghQ for ; Mon, 08 Dec 2025 18:48:39 +0000 (UTC) (envelope-from hello@bacula-web.org) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=bacula-web.org header.s=protonmail header.b="NAv/Kk25"; dmarc=pass (policy=none) header.from=bacula-web.org; spf=pass (mx1.freebsd.org: domain of hello@bacula-web.org designates 109.224.244.21 as permitted sender) smtp.mailfrom=hello@bacula-web.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bacula-web.org; s=protonmail; t=1765219716; x=1765478916; bh=NpomqKx+04HEt3xDhynHBY7sTqTtgqnE1W9lugcNgA0=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=NAv/Kk25dp4gqVsf0tQkxzlFNNCaxghXDWZBSqbHz/qymfRuQrTU/urJENdcGFXkj RC4YhYp+dOUspucVbWdGi52CM27B7oGNQSRBxISRn0yO3Adb4/GJyNawsyt+Ldjypy M2otd7pSjeTY1z/d7WwJpsBSQarJOuIevSNWA9KotOf6dQaETOfG+e604tsOfC3k0x dOKEv8bSTEwN5EQIXnVMEGsT/QDgPDqx8bibFDeZEapHhIel0JHEj4DOSXFp5QwC13 txwlqFtIvtb4AUm/l3/VzXPgH8bcI6alp+odvRYv9JLwxVjq7RVpMbZDsutQzceLHe ryu64G7dppWmw== Date: Mon, 08 Dec 2025 18:48:31 +0000 To: Dimitry Andric From: Bacula-Web project maintainer Cc: "freebsd-security@FreeBSD.org" Subject: Re: Guidance on how to handle FreeBSD port vulnerability Message-ID: In-Reply-To: <11DA25E7-8840-4182-995A-B976439C2E04@FreeBSD.org> References: <11DA25E7-8840-4182-995A-B976439C2E04@FreeBSD.org> Feedback-ID: 62987555:user:proton X-Pm-Message-ID: 81fe97b1bb18739ed0b3db0cd3b62e572dc04907 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.39 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.99)[-0.992]; DMARC_POLICY_ALLOW(-0.50)[bacula-web.org,none]; RWL_MAILSPIKE_EXCELLENT(-0.40)[109.224.244.21:from]; R_DKIM_ALLOW(-0.20)[bacula-web.org:s=protonmail]; R_SPF_ALLOW(-0.20)[+ip4:109.224.244.0/24]; MIME_GOOD(-0.10)[text/plain]; TO_DN_EQ_ADDR_SOME(0.00)[]; MISSING_XM_UA(0.00)[]; ARC_NA(0.00)[]; TO_DN_SOME(0.00)[]; MIME_TRACE(0.00)[0:+]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[109.224.244.21:from]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_COUNT_ZERO(0.00)[0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; MLMMJ_DEST(0.00)[freebsd-security@FreeBSD.org]; DKIM_TRACE(0.00)[bacula-web.org:+] X-Rspamd-Queue-Id: 4dQ9x41jVnz3ghQ Thanks for your feedback Dimitry, I=E2=80=99ll create a bug asap. Best, Davide -------- Original Message -------- On Sunday, 12/07/25 at 12:35 Dimitry Andric wrote: On 7 Dec 2025, at 12:28, Bacula-Web project maintainer wrote: > > > Hello there, > > I'd need some help to tackle a known FreeBSD port vulnerability which doe= sn't seem to be referenced on FreshPort.org. > > The affected port is https://www.freshports.org/www/bacula-web/. > > Also, I'd like to put some efforts to keep updated above ports as it dese= rve some more "love". > > An hints / link to documented process would be nice. Report a bug on https://bugs.freebsd.org/bugzilla/, the "Report an update o= r defect to a port" link there is the most appropriate. If you start the su= bject of the bug report with the string "www/bacula-web: " it will automati= cally get assigned to the port maintainer, which at the moment is ler@FreeB= SD.org . -Dimitry