From: Aldis Berjoza
To: Chris Rees, Eitan Adler
Cc: "svn-ports-head@freebsd.org", "ports-secteam@freebsd.org", Beech Rintoul, "svn-ports-all@freebsd.org", "ports-committers@freebsd.org", "portmgr@freebsd.org", Beech Rintoul
Subject: Re: svn commit: r308867 - head/www/hastymail2
Date: Thu, 13 Dec 2012 23:42:01 +0200

13.12.2012, 22:55, "Chris Rees":

On 13 Dec 2012 20:18, "Eitan Adler" <eadler@freebsd.org> wrote:
>
> On 13 December 2012 14:44, Beech Rintoul <beech@freebsdnorth.com> wrote:
> > On Thursday 13 December 2012 10:30:54 Beech Rintoul wrote:
> >> On Thursday 13 December 2012 10:08:45 Eitan Adler wrote:
> >> > On 13 December 2012 14:04, Beech Rintoul <beech@freebsd.org> wrote:
> >> > > Author: beech
> >> > > Date: Thu Dec 13 19:04:56 2012
> >> > > New Revision: 308867
> >> > > URL: http://svnweb.freebsd.org/changeset/ports/308867
> >> > >
> >> > > Log:
> >> > >   - Update to 1.1 final.
> >> > >   - Security vulnerabilities are fixed in this version.
> >> >
> >> > Which ones? Is there a vuxml to go along with this?
> >>
> >> No vuxml and no mention of security vulnerabilities in previous pr's. The
> >> website shows the following which doesn't appear anywhere else:
> >>
> >> Two security issues have been recently discovered in Hastymail. Both are
> >> fixed in this latest release. All users are encouraged to upgrade to the
> >> 1.1 version to protect themselves from these issues.
> >>
> >> Remote code execution: In order for this issue to be exploitable sites must
> >> have the notices plugin enabled in Hastymail, and register_globals and
> >> allow_url_fopen enabled in PHP. It is STRONGLY recommended that you do not
> >> have register_globals enabled in PHP. Upgrading to the 1.1 version resolves
> >> this bug, or you can update the hastymail2/plugins/notices/test_sounds.php
> >> file to the latest version in SVN found here:
> >>
> >> http://hastymail.svn.sourceforge.net/viewvc/hastymail/trunk/hastymail2/plugins/notices/test_sound.php?revision=2074
> >>
> >> XSS exploit on thread view: Shai Rod reported an issue on the thread view
> >> page that allows specially crafted message subjects to execute javascript
> >> code when viewed on the thread view page. Several files had to be modified
> >> to correct this issue so it is recommended that sites upgrade to version
> >> 1.1 to mitigate this issue.
> >
> > This is the second maintainer timeout, the first being pr 165549 from February
> > 29. I'm wondering if this port should go back to the pool as
> > graudeejs@gmail.com hasn't responded.
>
> Yes, it should be - it's been over 3 months without a reply or update.
> He also timed out on a security related PR. Please reset.

Before you do so, can we see if he replies to his other email address (CCd)?

Chris

Hello!
I've been buried with work for the last year.
Unfortunately I also don't have my own server.
I'd be glad if this port was given back to pool.

--
Aldis Berjoza
FreeBSD addict
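
Added example (not part of the thread and not Hastymail or FreeBSD code): a check of the three preconditions the quoted advisory gives for the remote code execution issue, run against the text of a php.ini. The function names, the constructed sample file and the `notices_plugin_enabled` flag (supplied by the admin, since the thread does not show Hastymail's plugin configuration) are assumptions of this sketch.

```python
import re

# PHP's built-in defaults, used when php.ini does not set the directive.
# allow_url_fopen is on by default, so a file that never mentions it
# still satisfies that precondition.
DEFAULTS = {"register_globals": "0", "allow_url_fopen": "1"}

def php_ini_bool(value):
    """Interpret a php.ini value the way PHP reads a boolean directive."""
    v = value.strip().strip("\"'").lower()
    if v in ("on", "true", "yes"):
        return True
    m = re.match(r"[+-]?\d+", v)          # any non-zero integer is true
    return bool(m) and int(m.group()) != 0

def effective_settings(ini_text):
    """Return {directive: bool} for the two PHP settings in the advisory."""
    values = dict(DEFAULTS)
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop ';' comments
        m = re.match(r"([A-Za-z0-9_.]+)\s*=\s*(.*)$", line)
        # Directive names are case-sensitive; assumption: a later
        # assignment overrides an earlier one.
        if m and m.group(1) in values:
            values[m.group(1)] = m.group(2)
    return {name: php_ini_bool(v) for name, v in values.items()}

def advisory_exposure(ini_text, notices_plugin_enabled):
    """notices_plugin_enabled comes from the caller (assumption: the admin
    checks the Hastymail plugin list by hand)."""
    settings = effective_settings(ini_text)
    met = bool(notices_plugin_enabled) and all(settings.values())
    return {**settings, "notices_plugin": bool(notices_plugin_enabled),
            "rce_preconditions_met": met}

# Constructed sample php.ini, not taken from any real host.
SAMPLE_INI = """\
[PHP]
; register_globals = Off
register_globals = On   ; legacy application needs this
"""

if __name__ == "__main__":
    for name, state in advisory_exposure(SAMPLE_INI, True).items():
        print(f"{name}: {state}")
```

register_globals was removed in PHP 5.4.0, so on that release and later the first precondition cannot be met regardless of what php.ini says; the check matters for older PHP installs still serving a pre-1.1 Hastymail.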