From owner-freebsd-ports Wed Jan 22 9:44:14 2003
Date: Wed, 22 Jan 2003 14:43:54 -0300
From: Fernan Aguero
To: "Ronald F. Guilmette"
Cc: ports@FreeBSD.ORG
Subject: Re: Serious Security BUG in CGI::Lite
Message-ID: <20030122174354.GH35269@iib.unsam.edu.ar>
References: <97115.1043256548@monkeys.com>
In-Reply-To: <97115.1043256548@monkeys.com>

+----[ Ronald F. Guilmette (22.Jan.2003 14:30):
|
| I believe that I have found a serious security bug in the CGI::Lite
| package that's distributed as part of the FreeBSD ports collection.

Is this a FreeBSD specific bug? In principle I wouldn't think so,
since we're talking about a perl module ...

Also note that security issues due to third party software (any
software installed through the ports system) are dealt with
differently than issues with the base system (though some ports are
actually important, security-wise).

Have you tried to contact the author of the module (look in
search.cpan.org) to see if s/he is already aware of it?

Hope this helps,

Fernan

|
+----]

--
F e r n a n   A g u e r o
http://genoma.unsam.edu.ar/~fernan