From owner-freebsd-security Tue Jan 16 5:39:15 2001 Delivered-To: freebsd-security@freebsd.org Received: from sj-msg-core-4.cisco.com (sj-msg-core-4.cisco.com [171.71.163.10]) by hub.freebsd.org (Postfix) with ESMTP id 3228037B698; Tue, 16 Jan 2001 05:38:52 -0800 (PST) Received: from bmah-freebsd-0.cisco.com (bmah-freebsd-0.cisco.com [171.70.84.42]) by sj-msg-core-4.cisco.com (8.9.3/8.9.1) with ESMTP id FAA10564; Tue, 16 Jan 2001 05:38:50 -0800 (PST) Received: (from bmah@localhost) by bmah-freebsd-0.cisco.com (8.11.1/8.11.1) id f0GDcmJ68936; Tue, 16 Jan 2001 05:38:48 -0800 (PST) (envelope-from bmah) Message-Id: <200101161338.f0GDcmJ68936@bmah-freebsd-0.cisco.com> X-Mailer: exmh version 2.3 01/14/2001 with nmh-1.0.4 To: Lars =?iso-8859-1?Q?K=F6ller?= Cc: bmah@FreeBSD.org, FreeBSD-security@FreeBSD.org, FreeBSD-ports@FreeBSD.org Subject: Re: exmh security bugfix! In-Reply-To: <200101160704.IAA22365@hermes.hrz.uni-bielefeld.de> References: <200101160704.IAA22365@hermes.hrz.uni-bielefeld.de> Comments: In-reply-to Lars =?iso-8859-1?Q?K=F6ller?= message dated "Tue, 16 Jan 2001 08:04:34 +0100." From: bmah@FreeBSD.org (Bruce A. Mah) Reply-To: bmah@FreeBSD.org X-Face: g~c`.{#4q0"(V*b#g[i~rXgm*w;:nMfz%_RZLma)UgGN&=j`5vXoU^@n5v4:OO)c["!w)nD/!!~e4Sj7LiT'6*wZ83454H""lb{CC%T37O!!'S$S&D}sem7I[A 2V%N&+ X-Image-Url: http://www.employees.org/~bmah/Images/bmah-cisco-small.gif X-Url: http://www.employees.org/~bmah/ Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_-394012406P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Tue, 16 Jan 2001 05:38:48 -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --==_Exmh_-394012406P Content-Type: text/plain; charset=us-ascii If memory serves me right, Lars =?iso-8859-1?Q?K=F6ller?= wrote: > As the maintainer for exmh2 on the FreeBSD ports collection I would = > inform you about an security issue just mentioned on BUGTRAQ (see = > attached Mail). Hi Lars-- Thanks for the note. We (the exmh developers) have been working on a fix; a new version (which will be called exmh-2.3) will be released probably today. I'll be updating the port as soon as this happens. If there isn't something put up by late today, I'll fix the port with a patch from exmh's CVS repository. More information is at: http://www.beedub.com/exmh/symlink.html It would have been really nice if the person who originally reported this bug to BUGTRAQ had bothered to contact *any* of the exmh developers before posting to said list. Apparently, nowadays, saying "I'M 3L33T CUZ I F0UND A H0LE 1ST" is more important than giving developers a chance to actually fix problems in their software. Cheers, Bruce. PS. Yes, I should have put the patch into the port sooner. I had thought we would have cut a new exmh release earlier, which would have made this a moot point. One way or another FreeBSD will see the fix today. --==_Exmh_-394012406P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: Exmh version 2.2 06/23/2000 iD8DBQE6ZE7n2MoxcVugUsMRAuyLAKCkiZzqNA7M8b7fWJTRBN1m5V2wegCeINgC o6z46C+fU41OtMSc8hh3cs0= =yG0E -----END PGP SIGNATURE----- --==_Exmh_-394012406P-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message