Date: Sat, 29 Apr 2000 18:26:26 -0700 (PDT) From: Kris Kennaway <kris@FreeBSD.org> To: Andy Sparrow <andy@geek4food.org> Cc: Paul Chvostek <paul@it.ca>, Ade Lovett <ade@FreeBSD.ORG>, ports@FreeBSD.ORG Subject: Re: comms/hylafax Message-ID: <Pine.BSF.4.21.0004291820350.82188-100000@freefall.freebsd.org> In-Reply-To: <200004300113.SAA59876@mega.geek4food.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 29 Apr 2000, Andy Sparrow wrote:
> Yes, 312 messages so far this month.
>
> In particular, Hylafax 4.1 beta2 is being readied for release.
>
> Bug fixes and patches are being produced, seems to be active.
Perhaps, but they haven't ever made a public announcement acknowledging
the security holes, offering a patch to fix them, or even acknowledging
the email I sent enquiring about it on behalf of FreeBSD.
Check the vulnerability database on www.securityfocus.com, or failing
that, the bugtraq archives, for reference to the problem. It's not a
simple problem to fix, but requires an in-depth audit of the code.
There have been patches posted on the freebsd-audit mailing list which
attempt to address some of the problems, but I haven't had the time to
look at them. Ideally someone needs to work with the hylafax developers
about this (assuming they can get a response this time).
Kris
----
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0004291820350.82188-100000>