From owner-freebsd-ports@FreeBSD.ORG  Sat Sep 20 13:24:07 2003
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 89E2E16A4BF; Sat, 20 Sep 2003 13:24:07 -0700 (PDT)
Received: from mx2.fillmore-labs.com (lima.fillmore-labs.com [62.138.193.83])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 20A5A43FF5; Sat, 20 Sep 2003 13:24:06 -0700 (PDT)
	(envelope-from eikemeier@fillmore-labs.com)
Received: from pd951a746.dip.t-dialin.net
	([217.81.167.70] helo=fillmore-labs.com ident=fun10udp4qrxbbsi)
	by mx2.fillmore-labs.com with asmtp (TLSv1:AES256-SHA:256)
	(Exim 4.23; FreeBSD 4.9)
	id 1A0oGy-0003d6-DH; Sat, 20 Sep 2003 22:24:04 +0200
Message-ID: <3F6CB762.4080905@fillmore-labs.com>
Date: Sat, 20 Sep 2003 22:24:02 +0200
From: Oliver Eikemeier <eikemeier@fillmore-labs.com>
MIME-Version: 1.0
To: Will Andrews <will@csociety.org>
References: <3F6C9A0A.8080103@fillmore-labs.com>
	<20030920182035.GM47671@procyon.firepipe.net>
In-Reply-To: <20030920182035.GM47671@procyon.firepipe.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Authenticated-Sender: eikemeier@fillmore-labs.com
User-Agent: KMail/1.5.9
Organization: Fillmore Labs GmbH  <http://www.fillmore-labs.com/>
X-Complaints-To: abuse@fillmore-labs.com
cc: FreeBSD ports <ports@FreeBSD.org>
cc: Dirk Meyer <dinoex@FreeBSD.org>
Subject: Re: [Fwd: LSH: Buffer overrun and remote root compromise in lshd]
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Sep 2003 20:24:07 -0000

Will Andrews wrote:

> On Sat, Sep 20, 2003 at 08:18:50PM +0200, Oliver Eikemeier wrote:
> 
>>port security/lsh 1.5.2 has a remote root compromise,
>>it seems that even the client part is affected.
>>Either someone upgrades it to 1.5.3 or we mark it as
>>broken for 4.9.
>>
>>The announcement  is at:
>> <http://lists.lysator.liu.se/pipermail/lsh-bugs/2003q3/000127.html>
> 
> Feel free to upgrade the port, it has portmgr approval.

This was just a heads up, Dirk dropped maintainership on 2003/02/23:
  http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/lsh/Makefile.diff?r1=1.16&r2=1.17

Just mark it as broken.

Regards
    Oliver