From owner-freebsd-ports@FreeBSD.ORG  Tue Sep 19 02:07:55 2006
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
X-Original-To: freebsd-ports@freebsd.org
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 050D316A403
	for <freebsd-ports@freebsd.org>; Tue, 19 Sep 2006 02:07:55 +0000 (UTC)
	(envelope-from kris@obsecurity.org)
Received: from elvis.mu.org (elvis.mu.org [192.203.228.196])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C91E043D72
	for <freebsd-ports@freebsd.org>; Tue, 19 Sep 2006 02:07:40 +0000 (GMT)
	(envelope-from kris@obsecurity.org)
Received: from obsecurity.dyndns.org (elvis.mu.org [192.203.228.196])
	by elvis.mu.org (Postfix) with ESMTP id 3E12B1A4D84;
	Mon, 18 Sep 2006 19:07:40 -0700 (PDT)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 2BD0D514F6; Mon, 18 Sep 2006 22:07:39 -0400 (EDT)
Date: Mon, 18 Sep 2006 22:07:38 -0400
From: Kris Kennaway <kris@obsecurity.org>
To: Fred Cox <sailorfred@yahoo.com>
Message-ID: <20060919020738.GA16953@xor.obsecurity.org>
References: <20060919020002.59668.qmail@web31815.mail.mud.yahoo.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="vtzGhvizbBRQ85DL"
Content-Disposition: inline
In-Reply-To: <20060919020002.59668.qmail@web31815.mail.mud.yahoo.com>
User-Agent: Mutt/1.4.2.2i
Cc: freebsd-ports@freebsd.org
Subject: Re: www/dotproject out of date and vulnerable
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Sep 2006 02:07:55 -0000


--vtzGhvizbBRQ85DL
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Sep 18, 2006 at 07:00:02PM -0700, Fred Cox wrote:
> www/dotproject is still 2.0.2, even though 2.0.4 came
> out in June to address an XSS vulnerability.  See
> http://www.dotproject.net/ for details.
>=20
> I've sent mail to the maintainer and the contact for
> portaudit, with no response in over 2 weeks and 1 week
> respectively.  Portaudit does not report any problem
> with dotproject.
>=20
> What's the next step?

If you submit the update as a PR, it can be committed under maintainer
timeout.

Kris

--vtzGhvizbBRQ85DL
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)

iD8DBQFFD1DqWry0BWjoQKURAu0SAJsFusZS5TSVmIlxLxO9a64Xou3pQgCfeCEs
mSAhLZuzcWcdnFlrPW3VMi0=
=Fy2L
-----END PGP SIGNATURE-----

--vtzGhvizbBRQ85DL--