From owner-cvs-all Tue Sep 25 0: 8:53 2001
Delivered-To: cvs-all@freebsd.org
Received: from freefall.freebsd.org (unknown [216.136.204.21])
    by hub.freebsd.org (Postfix) with ESMTP
    id DD83437B40F; Tue, 25 Sep 2001 00:08:47 -0700 (PDT)
Received: (from dougb@localhost)
    by freefall.freebsd.org (8.11.4/8.11.4) id f8P78l276198;
    Tue, 25 Sep 2001 00:08:47 -0700 (PDT)
    (envelope-from dougb)
Message-Id: <200109250708.f8P78l276198@freefall.freebsd.org>
From: Doug Barton
Date: Tue, 25 Sep 2001 00:08:47 -0700 (PDT)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/textproc/htdig/files patch-htsearch_cc
X-FreeBSD-CVS-Branch: HEAD
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

dougb       2001/09/25 00:08:47 PDT

  Added files:
    textproc/htdig/files patch-htsearch_cc
  Log:
  This patch comes from the ht://Dig maintainers, and fixes a possible
  security vulnerability. Quoting from their e-mail announcement:

  There is a security vulnerability in all versions of htsearch between
  3.1.0b2 and 3.1.5 . . . The hole can allow a remote user to pick a file
  on your system for the config file that the UID running the webserver
  can read.

  With a default ports install the httpd user should be nobody, which
  makes the vulnerability small.

  Revision  Changes    Path
  1.1       +24 -0     ports/textproc/htdig/files/patch-htsearch_cc (new)