From owner-freebsd-ports@FreeBSD.ORG Sat Sep 20 11:20:36 2003 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 67BDB16A4B3; Sat, 20 Sep 2003 11:20:36 -0700 (PDT) Received: from procyon.firepipe.net (procyon.firepipe.net [198.78.66.151]) by mx1.FreeBSD.org (Postfix) with ESMTP id D621B43FE5; Sat, 20 Sep 2003 11:20:35 -0700 (PDT) (envelope-from will@csociety.org) Received: by procyon.firepipe.net (Postfix, from userid 1000) id 52A3746629; Sat, 20 Sep 2003 11:20:35 -0700 (PDT) Date: Sat, 20 Sep 2003 11:20:35 -0700 From: Will Andrews To: FreeBSD ports Message-ID: <20030920182035.GM47671@procyon.firepipe.net> Mail-Followup-To: FreeBSD ports , FreeBSD Ports Management Team References: <3F6C9A0A.8080103@fillmore-labs.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3F6C9A0A.8080103@fillmore-labs.com> User-Agent: Mutt/1.4.1i cc: FreeBSD Ports Management Team Subject: Re: [Fwd: LSH: Buffer overrun and remote root compromise in lshd] X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Sep 2003 18:20:36 -0000 On Sat, Sep 20, 2003 at 08:18:50PM +0200, Oliver Eikemeier wrote: > port security/lsh 1.5.2 has a remote root compromise, > it seems that even the client part is affected. > Either someone upgrades it to 1.5.3 or we mark it as > broken for 4.9. > > The announcement is at: > Feel free to upgrade the port, it has portmgr approval. Regards, -- wca