From owner-freebsd-stable@FreeBSD.ORG Fri Jan 4 22:38:55 2013 Return-Path: Delivered-To: freebsd-stable@FreeBSD.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 24E73E94 for ; Fri, 4 Jan 2013 22:38:55 +0000 (UTC) (envelope-from simon@qxnitro.org) Received: from mail-la0-f42.google.com (mail-la0-f42.google.com [209.85.215.42]) by mx1.freebsd.org (Postfix) with ESMTP id A3EE9D14 for ; Fri, 4 Jan 2013 22:38:54 +0000 (UTC) Received: by mail-la0-f42.google.com with SMTP id fe20so10552018lab.29 for ; Fri, 04 Jan 2013 14:38:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qxnitro.org; s=google; h=mime-version:sender:x-originating-ip:date:x-google-sender-auth :message-id:subject:from:to:cc:content-type; bh=XntDnSsjXId/Now9R/J/ibagtfvCSrZQb3ToL3cVqG4=; b=I67CWkubv4adqncBcktyaRqdxl1l5qVNQLRNCgLioGLrlZilozTaMTMlmaVjw3DwJ/ WKmr1kwQeNVy2GvdL6wo2mrl9yBColivKR2pxu9VnBwcxmKdhV+vkoSeZzeI6PIj5v6H JrP2XEb5igWOVJXJJCKhh/IOrKW/ueFBS/uiI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:sender:x-originating-ip:date:x-google-sender-auth :message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=XntDnSsjXId/Now9R/J/ibagtfvCSrZQb3ToL3cVqG4=; b=g9C9Zu7rzNPFOR6lwGr8+6+zTtVcdGgcNMqTYkkhIP5QXaUyCD3JZ2gxYhvpHrHMq7 fA8dl19A4ahcb47oXFEH6dc5NNWpx0lvc5Aqy2wOGR9/4UHbxq42ldZlR5Su4eDPPwEK xuM3dQvOIe9zmZC9cP1G+cRVu2KLwF//crYjW32fsI7MVKkInn7Re7mShPgPbNwMOJBz KTWWlUTINOM1RJVdvS4SW2coO+XJsgrvn2OQNrftK+hrSK4VjKmAOZrTr7lCqabuScXE Dqg5e3PDMdVE2I13bR48C0o9dchlYWGYwMOoK4iRz0yUp6uhQzrW5IJhIORqCfGGZUe3 mKRw== MIME-Version: 1.0 Received: by 10.152.110.18 with SMTP id hw18mr51744878lab.22.1357339133229; Fri, 04 Jan 2013 14:38:53 -0800 (PST) Sender: simon@qxnitro.org Received: by 10.112.19.41 with HTTP; Fri, 4 Jan 2013 14:38:53 -0800 (PST) X-Originating-IP: [89.100.233.26] Date: Fri, 4 Jan 2013 22:38:53 +0000 X-Google-Sender-Auth: qzXmFoqnRB2sMJSf6_yh9EyaZgw Message-ID: Subject: FreeBSD wiki offline for a bit From: "Simon L. B. Nielsen" To: freebsd-stable@FreeBSD.org, freebsd-ports@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Gm-Message-State: ALoCoQnoheT6k88hr0D/ziBWNxk1j31FYMQq4mWW/i+yEakepXqF5ir1qCykiwgH0A0mNHEpdO4j Cc: "FreeBSD.org clusteradm" , FreeBSD Security Team X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Jan 2013 22:38:55 -0000 Hey, Due to a security issue in the moinmoin wiki software, the FreeBSD wiki will be offline for a bit. I do not yet know if the issue actually has been exploited in the FreeBSD wiki (haven't had the time yet to examine it), but I took the wiki down just in case. Note that even if the software was compromised, it was considered untrusted from the start and as such heavily sandboxed (including jailed) to keep it away from any sensitive FreeBSD.org parts, so there is absolutely no reason to believe a compromise would go any further than the wiki itself. I hope to have the wiki back within 24 hours, assuming not too much gets in the way. For further reference see: http://moinmo.in/SecurityFixes and http://permalink.gmane.org/gmane.linux.debian.devel.announce/1754 . PS. this is entirely unrelated to the 2012 November FreeBSD.org compromise. -- Simon L. B. Nielsen Hat: FreeBSD clusteradm / FreeBSD Security Officer