From owner-cvs-all Fri Sep 13 6:55:31 2002 Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1E84237B400 for ; Fri, 13 Sep 2002 06:55:26 -0700 (PDT) Received: from south.nanolink.com (south.nanolink.com [217.75.134.10]) by mx1.FreeBSD.org (Postfix) with SMTP id 274A143EA9 for ; Fri, 13 Sep 2002 06:55:24 -0700 (PDT) (envelope-from roam@ringlet.net) Received: (qmail 25297 invoked by uid 85); 13 Sep 2002 14:03:31 -0000 Received: from office.sbnd.net (HELO straylight.ringlet.net) (217.75.131.130) by south.nanolink.com with SMTP; 13 Sep 2002 14:03:29 -0000 Received: (qmail 58600 invoked by uid 1000); 13 Sep 2002 13:54:08 -0000 Date: Fri, 13 Sep 2002 16:54:07 +0300 From: Peter Pentchev To: Jacques Vidrine Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: ports/mail/qmailadmin Makefile Message-ID: <20020913135407.GC384@straylight.oblivion.bg> Mail-Followup-To: Jacques Vidrine , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org References: <200209111859.g8BIxuxs074949@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Clx92ZfkiYIKRjnr" Content-Disposition: inline In-Reply-To: <200209111859.g8BIxuxs074949@freefall.freebsd.org> User-Agent: Mutt/1.5.1i X-Virus-Scanned: by Nik's Monitoring Daemon (AMaViS perl-11d ) Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --Clx92ZfkiYIKRjnr Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Sep 11, 2002 at 11:59:56AM -0700, Jacques Vidrine wrote: > nectar 2002/09/11 11:59:56 PDT >=20 > Modified files: > mail/qmailadmin Makefile=20 > Log: > Setuid binary is exploitable. > http://security-archive.merton.ox.ac.uk/bugtraq-200208/0117.html Er.. I believe that the security flaw that this refers to was fixed prior to the release of qmailadmin-1.0.6, as stated in my message with the commit that updated the port to 1.0.6; actually, that was my primary reason for the port update :) I've removed the FORBIDDEN line now. G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 If this sentence didn't exist, somebody would have invented it. --Clx92ZfkiYIKRjnr Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE9ge3/7Ri2jRYZRVMRAjR7AKCt+JQYwetMGseaMETCSUmGu1o6BQCffGHw AKy/hSp9FXtFRfxMNneWq+U= =XhQV -----END PGP SIGNATURE----- --Clx92ZfkiYIKRjnr-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message