Date: Tue, 25 Sep 2001 00:08:47 -0700 (PDT)
From: Doug Barton <dougb@FreeBSD.org>
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/textproc/htdig/files patch-htsearch_cc
Message-ID: <200109250708.f8P78l276198@freefall.freebsd.org>

dougb 2001/09/25 00:08:47 PDT

Added files:
  textproc/htdig/files patch-htsearch_cc

Log:
This patch comes from the ht://Dig maintainers, and fixes a possible
security vulnerability. Quoting from their e-mail announcement:

    There is a security vulnerability in all versions of
    htsearch between 3.1.0b2 and 3.1.5 . . . The hole can
    allow a remote user to pick a file on your system for
    the config file that the UID running the webserver
    can read.

With a default ports install the httpd user should be nobody, which
makes the vulnerability small.

Revision  Changes  Path
1.1       +24 -0   ports/textproc/htdig/files/patch-htsearch_cc (new)
