Date: Thu, 23 Nov 2000 22:27:05 -0800 From: Kris Kennaway <kris@FreeBSD.ORG> To: Trevor Johnson <trevor@jpj.net> Cc: security@FreeBSD.ORG, toasty@dragondata.com Subject: Re: Joe's Own Editor File Link Vulnerability (fwd) Message-ID: <20001123222704.A41336@citusc17.usc.edu> In-Reply-To: <Pine.BSI.4.21.0011232145390.2220-100000@blues.jpj.net>; from trevor@jpj.net on Thu, Nov 23, 2000 at 09:59:17PM -0500 References: <Pine.BSI.4.21.0011232145390.2220-100000@blues.jpj.net>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Thu, Nov 23, 2000 at 09:59:17PM -0500, Trevor Johnson wrote: > I've gotten no response to the appended message. > > I installed joe from the current ports collection, a few minutes ago, and > was able to confirm the bug. > > The Linux people (Red Hat, Immunix, Mandrake, and Debian) have released > patched versions, but I haven't looked at their patches. > > Would it be all right if I marked the port forbidden (mentioning > http://www.securityfocus.com/archive/1/145305), until the maintainer > becomes available? Yes. If you could also patch it it would be fine by me :-) Kris [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoeCjgACgkQWry0BWjoQKWrfgCgyDJfOFE9Nt3d0PwbWSsoa2k5 3MAAnj33PbRbvpr1Thooi63fxZaoha0a =9X9q -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001123222704.A41336>