From owner-cvs-all@FreeBSD.ORG Wed Nov 15 07:58:05 2006 Return-Path: X-Original-To: cvs-all@FreeBSD.ORG Delivered-To: cvs-all@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0E98D16A40F; Wed, 15 Nov 2006 07:58:05 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from tarsier.geekcn.org (tarsier.geekcn.org [210.51.165.229]) by mx1.FreeBSD.org (Postfix) with ESMTP id 63DD343D46; Wed, 15 Nov 2006 07:58:04 +0000 (GMT) (envelope-from delphij@delphij.net) Received: from localhost (tarsier.geekcn.org [210.51.165.229]) by tarsier.geekcn.org (Postfix) with ESMTP id 5967BEB4FD9; Wed, 15 Nov 2006 15:58:03 +0800 (CST) X-Virus-Scanned: amavisd-new at geekcn.org Received: from tarsier.geekcn.org ([210.51.165.229]) by localhost (mail.geekcn.org [210.51.165.229]) (amavisd-new, port 10024) with ESMTP id zQ-k5TYADZTz; Wed, 15 Nov 2006 15:58:00 +0800 (CST) Received: from [10.217.12.47] (sina152-194.staff.sina.com.cn [61.135.152.194]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by tarsier.geekcn.org (Postfix) with ESMTP id 7E0D4EB08CB; Wed, 15 Nov 2006 15:57:58 +0800 (CST) DomainKey-Signature: a=rsa-sha1; s=default; d=delphij.net; c=nofws; q=dns; h=message-id:date:from:organization:user-agent:mime-version:to:cc: subject:references:in-reply-to:x-enigmail-version:content-type; b=r7eMtJTiuKvJMmLDag62swn1VSQxQSDQ/zrmrnXVw9aZwJdKSnozQUdBNLSqCsBlP 5fZhH/jeVkMsyUbhL5yWQ== Message-ID: <455AC879.1040505@delphij.net> Date: Wed, 15 Nov 2006 15:57:45 +0800 From: LI Xin Organization: The FreeBSD Project User-Agent: Thunderbird 1.5.0.8 (Macintosh/20061025) MIME-Version: 1.0 To: "Simon L. Nielsen" References: <200611141657.kAEGvI60088666@repoman.freebsd.org> <20061114171000.GA1014@zaphod.nitro.dk> In-Reply-To: <20061114171000.GA1014@zaphod.nitro.dk> X-Enigmail-Version: 0.94.1.0 Content-Type: multipart/signed; micalg=pgp-ripemd160; protocol="application/pgp-signature"; boundary="------------enig0FAAB35255DFEF84B725EF17" Cc: cvs-ports@FreeBSD.ORG, Xin LI , cvs-all@FreeBSD.ORG, ports-committers@FreeBSD.ORG Subject: Re: cvs commit: ports/security/vuxml vuln.xml X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Nov 2006 07:58:05 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig0FAAB35255DFEF84B725EF17 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Simon L. Nielsen wrote: > On 2006.11.14 16:57:17 +0000, Xin LI wrote: >> delphij 2006-11-14 16:57:17 UTC >> >> FreeBSD ports repository >> >> Modified files: >> security/vuxml vuln.xml=20 >> Log: >> The Command Injection Vulnerability was corrected by awstats 6.5_2,1= =2E >> =20 >> Submitted by: Alex Samorukov >> PR: ports/105233 >=20 > Have you checked that the issues have really been fixed? I believe that the problem documented as 2df297a2-dc74-11da-a22b-000c6ec775d9 is fixed, and the patch provided in the ports tree should have fixed Hole #2 and #3 listed on the official site, where hole #3 is beyond the scope of 2df297a2-dc74-11da-a22b-000c6ec775d9. Cheers, --=20 Xin LI http://www.delphij.net/ FreeBSD - The Power to Serve! --------------enig0FAAB35255DFEF84B725EF17 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFWsh5OfuToMruuMARAxP2AJ0XJOpcIjOxd4lPFUBFSwx3qubX5wCfUGb2 0sz31RZsB14BY0xWP4qc6iA= =cZl+ -----END PGP SIGNATURE----- --------------enig0FAAB35255DFEF84B725EF17--