Date: Fri, 24 Nov 2000 00:34:31 -0600 (CST) From: Kevin Day <toasty@temphost.dragondata.com> To: trevor@jpj.net (Trevor Johnson) Cc: security@freebsd.org, toasty@dragondata.com Subject: Re: Joe's Own Editor File Link Vulnerability (fwd) Message-ID: <200011240634.AAA17422@temphost.dragondata.com> In-Reply-To: <Pine.BSI.4.21.0011232145390.2220-100000@blues.jpj.net> from "Trevor Johnson" at Nov 23, 2000 09:59:17 PM
next in thread | previous in thread | raw e-mail | index | archive | help
> > I've gotten no response to the appended message. > > I installed joe from the current ports collection, a few minutes ago, and > was able to confirm the bug. > > The Linux people (Red Hat, Immunix, Mandrake, and Debian) have released > patched versions, but I haven't looked at their patches. > > Would it be all right if I marked the port forbidden (mentioning > http://www.securityfocus.com/archive/1/145305), until the maintainer > becomes available? > -- > Trevor Johnson > http://jpj.net/~trevor/gpgkey.txt If you fowarded this to me before, it must have gotten lost during my many server moves over the past couple of months, I apologize. I'll send an e-mail to the author of Joe an e-mail about this, but from my past experiences with him, he's quite busy with other projects and may not have time for a complete new version immediately. I'll come up with a quick patch for now to include, that one of you can verify for accuracy (if desired) to include in our local port patches. Thanks, Kevin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200011240634.AAA17422>