From owner-cvs-ports  Tue Feb 11 10:27:19 2003
Delivered-To: cvs-ports@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id C923C37B401; Tue, 11 Feb 2003 10:27:16 -0800 (PST)
Received: from obsecurity.dyndns.org (adsl-67-119-52-61.dsl.lsan03.pacbell.net [67.119.52.61])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 9A9A043FA3; Tue, 11 Feb 2003 10:27:13 -0800 (PST)
	(envelope-from kris@obsecurity.org)
Received: from rot13.obsecurity.org (rot13.obsecurity.org [10.0.0.5])
	by obsecurity.dyndns.org (Postfix) with ESMTP
	id 2CB2B67B88; Tue, 11 Feb 2003 10:27:13 -0800 (PST)
Received: by rot13.obsecurity.org (Postfix, from userid 1000)
	id EECD9100A; Tue, 11 Feb 2003 10:27:12 -0800 (PST)
Date: Tue, 11 Feb 2003 10:27:12 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Peter Pentchev <roam@FreeBSD.org>
Cc: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org,
	cvs-all@FreeBSD.org
Subject: Re: cvs commit: ports/games/nethack34 Makefile
Message-ID: <20030211182712.GB29134@rot13.obsecurity.org>
References: <200302111202.h1BC2OB3052663@repoman.freebsd.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="eAbsdosE1cNLO4uF"
Content-Disposition: inline
In-Reply-To: <200302111202.h1BC2OB3052663@repoman.freebsd.org>
User-Agent: Mutt/1.4i
Sender: owner-cvs-ports@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-ports.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-ports>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-ports>
X-Loop: FreeBSD.ORG


--eAbsdosE1cNLO4uF
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Feb 11, 2003 at 04:02:24AM -0800, Peter Pentchev wrote:
> roam        2003/02/11 04:02:24 PST
>=20
>   Modified files:
>     games/nethack34      Makefile=20
>   Log:
>   Mark FORBIDDEN due to a locally-exploitable buffer overflow, as reported
>   on BugTraq:
>   http://online.securityfocus.com/archive/1/311172/2003-02-08/2003-02-14/0
>  =20
>   I wish people would contact the vendor more often, so patches/updates
>   are available at the time of the advisory, but oh well...

Since this is setgid games (a throwaway gid) this isn't particularly
dangerous.

Kris

--eAbsdosE1cNLO4uF
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+SUCAWry0BWjoQKURAlFqAJ48XE6nopGkyZouhcukIY8Xbu2JeQCglVgR
ToRU1+Vre8j5qu0UCO0blIw=
=vkw9
-----END PGP SIGNATURE-----

--eAbsdosE1cNLO4uF--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-ports" in the body of the message