From owner-freebsd-ports@FreeBSD.ORG  Fri Nov 19 11:35:56 2004
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5364416A4CE
	for <freebsd-ports@freebsd.org>; Fri, 19 Nov 2004 11:35:56 +0000 (GMT)
Received: from obsecurity.dyndns.org
	(CPE0050040655c8-CM00111ae02aac.cpe.net.cable.rogers.com [69.194.102.143])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2599943D39
	for <freebsd-ports@freebsd.org>;
	Fri, 19 Nov 2004 11:35:56 +0000 (GMT)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id DE3905130D; Fri, 19 Nov 2004 03:39:22 -0800 (PST)
Date: Fri, 19 Nov 2004 03:39:22 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Feczak Szabolcs <feczo@siodigit.hu>
Message-ID: <20041119113922.GB87454@xor.obsecurity.org>
References: <1100859287.8003.4.camel@localhost.localdomain>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="mxv5cy4qt+RJ9ypb"
Content-Disposition: inline
In-Reply-To: <1100859287.8003.4.camel@localhost.localdomain>
User-Agent: Mutt/1.4.2.1i
cc: freebsd-ports@freebsd.org
Subject: Re: ruby-1.8.2.p2_1 has known vulnerabilities-- CGI DoS
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Nov 2004 11:35:56 -0000


--mxv5cy4qt+RJ9ypb
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Fri, Nov 19, 2004 at 11:14:46AM +0100, Feczak Szabolcs wrote:
> Please mark the port forbidden according to
> http://www.freebsd.org/ports/portaudit/d656296b-33ff-11d9-a9e7-0001020eed82.html
> till the update comes

That probably wouldn't be appropriate since the vulnerability affects
only one aspect of the ruby port that is irrelevant for most users
(consider that most people use ruby for portupgrade).  portaudit
already knows about this problem, which is the appropriate place for
minor problems like this.

Kris

--mxv5cy4qt+RJ9ypb
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQFBndtqWry0BWjoQKURAvzaAKD1cI3agc/wNy3Obwt31jGW7VjbwwCgiZ3h
Zi3ngKRqzvvS+G1wJljxRc0=
=7EWM
-----END PGP SIGNATURE-----

--mxv5cy4qt+RJ9ypb--