Date: Wed, 2 Aug 2006 13:46:04 +0330 From: "Babak Farrokhi" <babak@farrokhi.net> To: "'Stanislav Sedov'" <ssedov@mbsd.msk.ru>, <freebsd-ports@freebsd.org> Subject: RE: awstats-6.5_1,1 is forbidden: Command Injection Vulnerability. Message-ID: <000701c6b61c$aa59f700$ff0de500$@net> In-Reply-To: <20060802132705.375bab36@localhost> References: <56729ea90608020217k750a12e3h3f35c8c6caf136cf@mail.gmail.com> <20060802132705.375bab36@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, Awstats-devel (which has solved this security issue) is in GNATS waiting = for submission (PR ports/100162). -- Babak Farrokhi > -----Original Message----- > From: owner-freebsd-ports@freebsd.org [mailto:owner-freebsd- > ports@freebsd.org] On Behalf Of Stanislav Sedov > Sent: Wednesday, August 02, 2006 12:57 PM > To: freebsd-ports@freebsd.org > Subject: Re: awstats-6.5_1,1 is forbidden: Command Injection > Vulnerability. >=20 > On Wed, 2 Aug 2006 17:17:16 +0800 > chevy <quchifeng@gmail.com> mentioned: >=20 > > mail# pwd > > /usr/ports/www/awstats > > mail# make fetch > > =3D=3D=3D> awstats-6.5_1,1 is forbidden: Command Injection = Vulnerability. > > *** Error code 1 > > > > Stop in /usr/ports/www/awstats. > > please fix !! thank you ! > > >=20 > You should for vendor's fix or contact port maintainer - the fix might > be already here. >=20 > Alternately you can comment-out FORBIDDEN line in the port's Makefile > and install port anyway if you are understanding what you are doing. >=20 > -- > Stanislav Sedov MBSD labs, Inc. <ssedov@mbsd.msk.ru> > =F2=CF=D3=D3=C9=D1, =ED=CF=D3=CB=D7=C1 http://mbsd.msk.ru >=20 > -------------------------------------------------------------------- > If the facts don't fit the theory, change the facts. -- A. Einstein > -------------------------------------------------------------------- > PGP fingerprint: F21E D6CC 5626 9609 6CE2 A385 2BF5 5993 EB26 9581
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000701c6b61c$aa59f700$ff0de500$>