Date: Thu, 4 Dec 2003 07:10:13 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Lukas Ertl <l.ertl@univie.ac.at>, Peter Wemm <peter@wemm.org>, ports@freebsd.org, hubs@freebsd.org Subject: Re: HEADS UP! Watch out for security on your machines and exploits! Message-ID: <20031204151013.GA80231@xor.obsecurity.org> In-Reply-To: <20031204132303.GB347@straylight.m.ringlet.net> References: <20031203234849.7238C2A7EA@canning.wemm.org> <20031204133520.A748@korben.in.tern> <20031204132303.GB347@straylight.m.ringlet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--xHFwDpU9dbj6ez1V Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Dec 04, 2003 at 03:23:03PM +0200, Peter Pentchev wrote: > On Thu, Dec 04, 2003 at 01:37:20PM +0100, Lukas Ertl wrote: > > On Wed, 3 Dec 2003, Peter Wemm wrote: > >=20 > > > Please take EXTRA care to watch your mirrors for 'funny stuff' and ma= ke damn > > > sure that you're fully up todate with patches. > > > > > > Being a cvsup*/ftp*/etc mirror means that you're going to be scanned = and > > > probed. Especially now. > >=20 > > (I'm cc'ing ports@ on this.) > >=20 > > Since the gentoo hack was obviously made through a vunerable version of > > rsync, I ask if it's possible to update the rsync port to the new versi= on. >=20 > I sent a patch to update rsync to 2.5.7 to Oliver Eikemeier, the port > maintainer, earlier today. Because of the severity of this, I put on my portmgr hat and updated it myself a few minutes ago. It should be retagged for 5.2. Kris --xHFwDpU9dbj6ez1V Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/z05VWry0BWjoQKURAlxtAJ0bO+fBnquzK/7S0X0lN8T6IvPa7QCgozuR cP2z1e1Y8jdo85qawby8Qvc= =FDBo -----END PGP SIGNATURE----- --xHFwDpU9dbj6ez1V--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031204151013.GA80231>