From owner-freebsd-ports@FreeBSD.ORG Thu Oct 7 21:02:23 2010 Return-Path: Delivered-To: ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 337E51065670 for ; Thu, 7 Oct 2010 21:02:23 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3fd3:cd67:fafa:3d78]) by mx1.freebsd.org (Postfix) with ESMTP id 801918FC19 for ; Thu, 7 Oct 2010 21:02:22 +0000 (UTC) Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk [81.187.76.163]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.4/8.14.4) with ESMTP id o97L2I3w030798 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Thu, 7 Oct 2010 22:02:18 +0100 (BST) (envelope-from m.seaman@infracaninophile.co.uk) X-DKIM: Sendmail DKIM Filter v2.8.3 smtp.infracaninophile.co.uk o97L2I3w030798 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=infracaninophile.co.uk; s=201001-infracaninophile; t=1286485338; bh=G+7OZjdbERWcqvZjDJFtpEJ2lRsb4QIioVQ/MF8Um5c=; h=Message-ID:Date:From:MIME-Version:To:CC:Subject:References: In-Reply-To:Content-Type:Cc:Content-Type:Date:From:In-Reply-To: Message-ID:Mime-Version:References:To; z=Message-ID:=20<4CAE3551.3070404@infracaninophile.co.uk>|Date:=20T hu,=2007=20Oct=202010=2022:02:09=20+0100|From:=20Matthew=20Seaman= 20|Organization:=20Infracaninophi le|User-Agent:=20Mozilla/5.0=20(Macintosh=3B=20U=3B=20Intel=20Mac= 20OS=20X=2010.6=3B=20en-GB=3B=20rv:1.9.2.9)=20Gecko/20100915=20Thu nderbird/3.1.4|MIME-Version:=201.0|To:=20Harlan=20Stenn=20|CC:=20ports@freebsd.org|Subject:=20Re:=20horde-base?|Refer ences:=20<201010072047.o97KlYOR030025@stenn.ntp.org>|In-Reply-To:= 20<201010072047.o97KlYOR030025@stenn.ntp.org>|X-Enigmail-Version:= 201.1.1|OpenPGP:=20id=3D60AE908C|Content-Type:=20multipart/signed= 3B=20micalg=3Dpgp-sha1=3B=0D=0A=20protocol=3D"application/pgp-sign ature"=3B=0D=0A=20boundary=3D"------------enig11A49E1B46F69B08A31D 149D"; b=Y+M2r6LQfGdEeYtWMPCl+bYOUFQAQEnrrHZmMlg8R31vYbsE0dAM/IU5xAtITIQnM PKkJhMtFdXtzqW1xcmOZ0/kiN1/bWkCOgeKk2HyAa/dDQBDLsWFC0jQOtXENTk2nwx nzodoy/8GNjD+s+NSupAwN1iE6UAJLDuxN2rb1Qc= Message-ID: <4CAE3551.3070404@infracaninophile.co.uk> Date: Thu, 07 Oct 2010 22:02:09 +0100 From: Matthew Seaman Organization: Infracaninophile User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-GB; rv:1.9.2.9) Gecko/20100915 Thunderbird/3.1.4 MIME-Version: 1.0 To: Harlan Stenn References: <201010072047.o97KlYOR030025@stenn.ntp.org> In-Reply-To: <201010072047.o97KlYOR030025@stenn.ntp.org> X-Enigmail-Version: 1.1.1 OpenPGP: id=60AE908C Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig11A49E1B46F69B08A31D149D" X-Virus-Scanned: clamav-milter 0.96.3 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_20,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,SPF_FAIL autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on lucid-nonsense.infracaninophile.co.uk Cc: ports@freebsd.org Subject: Re: horde-base? X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Oct 2010 21:02:23 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig11A49E1B46F69B08A31D149D Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 07/10/2010 21:47:34, Harlan Stenn wrote: > Hi, >=20 > I've seen the security alert for the current horde-base (3.3.8) port. >=20 > It looks like 3.3.9 was released just over a week ago, and the release > notes seem to indicate it fixes the security problems. >=20 > I also see http://www.freebsd.org/cgi/query-pr.cgi?pr=3Dports/151191, b= ut > I have no idea if that patch will actually fix the problem or not, or > when that PR will be resolved. >=20 > Should I just wait quietly, or is there a minimally-intrusive way I > could figure out the timeline on these things? >=20 Hmmmm... that PR doesn't really help itself much. It would receive more attention if it mentioned the magic word "security" in the subject line. Even better would be to CC it to sec-team@...[*] Best of all though would be both of the above plus being sent as a maintainer-update. Unfortunately it seems the horde apps are without a Maintainer at the moment. Cheers, Matthew [*] This isn't intended as a criticism of the person generating the PR -- looks like they are writing in what to them is a foreign language, and they've done a lot better than I would if I had to try and write in their language. --=20 Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matthew@infracaninophile.co.uk Kent, CT11 9PW --------------enig11A49E1B46F69B08A31D149D Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyuNVkACgkQ8Mjk52CukIyJfgCfaJAa/jLG3EFmhOkGsCTnsPFG QPQAni1wkRqqi1KaT/cMi9P6cpV98BkO =4f/k -----END PGP SIGNATURE----- --------------enig11A49E1B46F69B08A31D149D--