From: "Ronald F. Guilmette" (rfg@monkeys.com)
To: ports@FreeBSD.org
Subject: Serious Security BUG in CGI::Lite
Date: Wed, 22 Jan 2003 09:29:08 -0800
Message-ID: <97115.1043256548@monkeys.com>

I believe that I have found a serious security bug in the CGI::Lite package that's distributed as part of the FreeBSD ports collection.

Before I go public with it, I'd like to work with some Appropriate Party[tm] associated with the FreeBSD project to make sure that a fixed version of this port is already available at the time I go public.

Could someone please tell me who I should contact about this?

(Sorry, but I'm kinda new at this. I don't run across serious security bugs every day, so I don't know the ropes or the standard protocol, or the standard procedures).

Somebody please send me guidance regarding this issue ASAP. Thanks.

Regards,
Ronald F. Guilmette
Roseville, California

P.S. Is there a list anywhere of vendors who routinely distribute CPAN (non-core) Perl modules? More to the point, is there a list of the _security contacts_ at each such vendor available somewhere?