Date: Sat, 18 Feb 2023 18:43:13 +0100 From: =?UTF-8?Q?Fernando_Apestegu=C3=ADa?= <fernando.apesteguia@gmail.com> To: freebsd-ports@freebsd.org Subject: Re: Security issues with www/minio Message-ID: <CAGwOe2YddCoC9dvX-LQNAnykSN-cc-4m5TjpqdbtuBo2sFZxkQ@mail.gmail.com> In-Reply-To: <Y/D2j7BiuTYRK2/d@eborcom.com> References: <Y/D2j7BiuTYRK2/d@eborcom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--000000000000683e8405f4fd0647 Content-Type: text/plain; charset="UTF-8" On Sat, Feb 18, 2023 at 5:02 PM Tom Hukins <tom@freebsd.org> wrote: > Hi, > > The www/minio port provides an outdated, insecure version of MinIO. > > This issue was raised on 2022-12-30 in > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268656 and five days > ago I provided a VuXML patch at > https://github.com/freebsd/freebsd-ports/pull/158 which I have updated > several times as security/vuxml/vuln/2023.xml has changed. > Thanks for the vuxml entry. It landed in https://cgit.freebsd.org/ports/commit/?id=b16091e19db403fa19c514ec5ac4c15045e402ef About the port itself, I'm quite unfamiliar with it but I see it is more than a year behind upstream in terms of releases. > I note that the www/minio maintainer, swills@, has not committed to the > ports tree since 2022-03-13 so someone else might need to update the > port. However, it would help to apply the VuXML patch soon so that the > port's users know of its security problems. > > Tom > > --000000000000683e8405f4fd0647 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote">= <div dir=3D"ltr" class=3D"gmail_attr">On Sat, Feb 18, 2023 at 5:02 PM Tom H= ukins <<a href=3D"mailto:tom@freebsd.org">tom@freebsd.org</a>> wrote:= <br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8= ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br> <br> The www/minio port provides an outdated, insecure version of MinIO.<br> <br> This issue was raised on 2022-12-30 in<br> <a href=3D"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D268656" rel= =3D"noreferrer" target=3D"_blank">https://bugs.freebsd.org/bugzilla/show_bu= g.cgi?id=3D268656</a> and five days<br> ago I provided a VuXML patch at<br> <a href=3D"https://github.com/freebsd/freebsd-ports/pull/158" rel=3D"norefe= rrer" target=3D"_blank">https://github.com/freebsd/freebsd-ports/pull/158</= a> which I have updated<br> several times as security/vuxml/vuln/2023.xml has changed.<br></blockquote>= <div><br></div><div>Thanks for the vuxml entry. It landed in <a href=3D"htt= ps://cgit.freebsd.org/ports/commit/?id=3Db16091e19db403fa19c514ec5ac4c15045= e402ef">https://cgit.freebsd.org/ports/commit/?id=3Db16091e19db403fa19c514e= c5ac4c15045e402ef</a></div><div><br></div><div>About the port itself, I'= ;m quite unfamiliar with it but I see it is more than a year behind upstrea= m in terms of releases. <br></div><div><br></div><blockquote class=3D"gmail= _quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204= ,204);padding-left:1ex"> <br> I note that the www/minio maintainer, swills@, has not committed to the<br> ports tree since 2022-03-13 so someone else might need to update the<br> port.=C2=A0 However, it would help to apply the VuXML patch soon so that th= e<br> port's users know of its security problems.<br> <br> Tom<br> <br> </blockquote></div></div> --000000000000683e8405f4fd0647--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGwOe2YddCoC9dvX-LQNAnykSN-cc-4m5TjpqdbtuBo2sFZxkQ>