Date:      Fri, 8 Aug 2003 19:23:32 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        Greg 'groggy' Lehey <grog@freebsd.org>
Cc:        Kris Kennaway <kris@obsecurity.org>
Subject:   Re: Ports scheduled for removal on Nov 7
Message-ID:  <20030809022332.GA2818@rot13.obsecurity.org>
In-Reply-To: <20030809013542.GZ1741@wantadilla.lemis.com>
References:  <20030808045334.GA97079@rot13.obsecurity.org> <20030808124244.48aca148.Alexander@Leidinger.net> <20030809013542.GZ1741@wantadilla.lemis.com>

On Sat, Aug 09, 2003 at 11:05:42AM +0930, Greg 'groggy' Lehey wrote:
> On Friday,  8 August 2003 at 12:42:44 +0200, Alexander Leidinger wrote:
> > On Thu, 7 Aug 2003 21:53:34 -0700
> > Kris Kennaway <kris@obsecurity.org> wrote:
> >
> >> The following ports are scheduled for removal on November 7 if they
> >> are still broken at that time and no PRs have been submitted to fix
> >
> >> databases/firebird	firebird-1.0.2	chris@aims.com.au
> >> databases/firebird-devel	firebird-1.0.r2	chris@aims.com.au
> >
> > I've marked them FORBIDDEN because of a posting on bugtraq. I've talked
> > with the maintainer and he explained that the developers focus on the
> > development of the next version and don't seem to be interested in
> > fixing this vulnerability.
>
> Are you sure that this vulnerability exists?  bugtraq seems to be
> rather indiscriminate in its claims ("found in this version, all these
> others must have it too").  I've seen at least one case where we were
> about to throw out something (ghostview, I think) because of a library
> vulnerability on a different platform.

No, as I remember in that case the wrong port was marked broken
(ghostview vs gv), and the vulnerability in the gv port was real and
was independently fixed.

Kris
