From: Alex Dupre
Date: Wed, 15 Dec 2004 08:23:09 +0100
To: "D. J. Bernstein"
cc: ports@FreeBSD.org
Subject: Re: nuke cftp

D. J. Bernstein wrote:
> You're shipping cftp 0.12, which has been known for more than a year to
> be remotely exploitable.

I think the vulnerability you are talking about has been fixed 17 months ago, increasing the incriminated buffer size.

BTW, what does it mean "several new packages will be made available Real Soon Now"? When?! :-)

--
Alex Dupre