Date: Wed, 29 Dec 2004 10:57:48 -0800 From: Kris Kennaway <kris@obsecurity.org> To: "Peter C. Lai" <sirmoo@cowbert.net> Cc: estover@nativenerds.com Subject: Re: Found security expliot in port phpBB 2.0.8 FreeBSD4.10 Message-ID: <20041229185748.GA9560@xor.obsecurity.org> In-Reply-To: <20041229185332.GL24545@cowbert.net> References: <34657.24.230.37.14.1104187002.squirrel@24.230.37.14> <2990.24.98.86.57.1104197295.squirrel@24.98.86.57> <41D0C276.7080100@elischer.org> <20041229185332.GL24545@cowbert.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--y0ulUmNC+osPPQO6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Dec 29, 2004 at 01:53:32PM -0500, Peter C. Lai wrote: > On Mon, Dec 27, 2004 at 06:18:30PM -0800, Julian Elischer wrote: > > might be a good idea if we "urged" users to update their phpbb a bit= =20 > > more vocally. >=20 > Or if someone had been vigilant enough to add a vuxml entry about it back > in November. Waiting >30 days to update the database that portaudit uses > is a bit longish, don't you think? The "urging" to which you refer is > already one of the services provided by portaudit. Remember that FreeBSD is supported by the community, so you also could have submitted the update but didn't. Kris --y0ulUmNC+osPPQO6 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFB0v4sWry0BWjoQKURAic6AJ4tYQr7Nj0XDjYIuznPi8qL14Y2SACfZEGy YqYTugVYw9R7/9Xp7yDPX3g= =Ifao -----END PGP SIGNATURE----- --y0ulUmNC+osPPQO6--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041229185748.GA9560>