From owner-freebsd-security@FreeBSD.ORG Thu Dec 30 14:28:21 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 78C5516A4CE for ; Thu, 30 Dec 2004 14:28:21 +0000 (GMT) Received: from daemon.li (daemon.li [213.203.244.86]) by mx1.FreeBSD.org (Postfix) with ESMTP id D65C943D1D for ; Thu, 30 Dec 2004 14:28:20 +0000 (GMT) (envelope-from josef@daemon.li) Received: from localhost (localhost [127.0.0.1]) (uid 1000) by daemon.li with local; Thu, 30 Dec 2004 14:28:20 +0000 Date: Thu, 30 Dec 2004 14:28:20 +0000 From: Josef El-Rayes To: Xin LI Message-ID: <20041230142820.GE16248@daemon.li> References: <34657.24.230.37.14.1104187002.squirrel@24.230.37.14> <2990.24.98.86.57.1104197295.squirrel@24.98.86.57> <41D0C276.7080100@elischer.org> <20041229185332.GL24545@cowbert.net> <20041229193226.GA11252@daemon.li> <20041230140125.GA3982@frontfree.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=_daemon.li-17817-1104416900-0001-2" Content-Disposition: inline In-Reply-To: <20041230140125.GA3982@frontfree.net> User-Agent: Mutt/1.3.28i cc: "Peter C. Lai" cc: freebsd-security@freebsd.org cc: Julian Elischer cc: estover@nativenerds.com Subject: Re: Found security expliot in port phpBB 2.0.8 FreeBSD4.10 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Dec 2004 14:28:21 -0000 This is a MIME-formatted message. If you see this text it means that your E-mail software does not support MIME-formatted messages. --=_daemon.li-17817-1104416900-0001-2 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Xin LI : > I always have a headache with the phpBB installation for the FreeBSD > China Community. I personally subscribe to phpBB's CVS commit message > and patch immediately when they have committed something "interesting". >=20 > I would admit that it's a bit late for the vuxml chunk to catch up with > this. However, it's a good idea to catch up with every phpbb updates, > as almost every updates is related to security issues during the last > year[1]... >=20 > [1] http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/phpbb/Makefile it would be nice if maintainers/committers forward such security-related commits to secteam if they do not want to create a vuxml entry themselves. i dont feel like tracking mailinglists / cvs repositories of our 12000+ ports and i guess my secteam colleagues dont feel like this either. greets, josef --=20 Josef El-Rayes (__) Email: josef@daemon.li \\\'',)=20 Web: http://daemon.li/ \/ \ ^ FreeBSD Security Team .\._/_) --=_daemon.li-17817-1104416900-0001-2 Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iQEVAwUBQdQQg1nFItmnnbU8AQK5EggAs8F8N24MYrXjOb+Dxqm42XLC7h6QYo5U OrGtuPngVZNbwNw1+/GnIn86pevN8jBelYlnmsjsAXWqQa7mK1+rgD7OHBPnzZIG nSy47Vhxv5equx2Rpwmp8aFKQrkJxvV5CDbYljiUxSPsrKZFk+fvMRXUccawymiN 7lEESly5vCyTuHoTiXniKSxa79WuuyQhn4gXxdKJz6doA6igPg5CarB7KhFsP6Qn JDdCXOb7JwCeO8d7V4PG1BndlfRTmGFcVVX6RuCjo41LDW5zkD4i7kECBwS5PnMM PL+HL/2Fo9fwQB5LFoUmZfxwyT1DpjTH93FegjcNSGVRDSRwloetAg== =n8sW -----END PGP SIGNATURE----- --=_daemon.li-17817-1104416900-0001-2--