Date: Thu, 23 Nov 2000 22:27:05 -0800 From: Kris Kennaway <kris@FreeBSD.ORG> To: Trevor Johnson <trevor@jpj.net> Cc: security@FreeBSD.ORG, toasty@dragondata.com Subject: Re: Joe's Own Editor File Link Vulnerability (fwd) Message-ID: <20001123222704.A41336@citusc17.usc.edu> In-Reply-To: <Pine.BSI.4.21.0011232145390.2220-100000@blues.jpj.net>; from trevor@jpj.net on Thu, Nov 23, 2000 at 09:59:17PM -0500 References: <Pine.BSI.4.21.0011232145390.2220-100000@blues.jpj.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--d6Gm4EdcadzBjdND Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Nov 23, 2000 at 09:59:17PM -0500, Trevor Johnson wrote: > I've gotten no response to the appended message. >=20 > I installed joe from the current ports collection, a few minutes ago, and > was able to confirm the bug. >=20 > The Linux people (Red Hat, Immunix, Mandrake, and Debian) have released > patched versions, but I haven't looked at their patches. >=20 > Would it be all right if I marked the port forbidden (mentioning > http://www.securityfocus.com/archive/1/145305), until the maintainer > becomes available? Yes. If you could also patch it it would be fine by me :-) Kris --d6Gm4EdcadzBjdND Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoeCjgACgkQWry0BWjoQKWrfgCgyDJfOFE9Nt3d0PwbWSsoa2k5 3MAAnj33PbRbvpr1Thooi63fxZaoha0a =9X9q -----END PGP SIGNATURE----- --d6Gm4EdcadzBjdND-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001123222704.A41336>