Date:      Wed, 22 Jan 2003 09:49:53 -0800
From:      "Ronald F. Guilmette" <rfg@monkeys.com>
To:        Fernan Aguero <fernan@iib.unsam.edu.ar>
Cc:        ports@FreeBSD.ORG
Subject:   Re: Serious Security BUG in CGI::Lite 
Message-ID:  <97428.1043257793@monkeys.com>
In-Reply-To: Your message of Wed, 22 Jan 2003 14:43:54 -0300. <20030122174354.GH35269@iib.unsam.edu.ar> 


In message <20030122174354.GH35269@iib.unsam.edu.ar>, you wrote:

>+----[ Ronald F. Guilmette <rfg@monkeys.com> (22.Jan.2003 14:30):
>| 
>| I believe that I have found a serious security bug in the CGI::Lite
>| package that's distributed as part of the FreeBSD ports collection.
>
>Is this a FreeBSD specific bug? In principle I wouldn't
>think so, since we're talking about a perl module ...

No, it is NOT in any way FreeBSD specific.

>Also note that security issues due to third party software
>(any software installed through the ports system) are dealt
>with differently than issues with the base system (though
>some ports are actually important, security-wise).

OK.  I can understand that.

But different how?

Please expand my consciousness.

>Have you tried to contact the author of the module (look in
>search.cpan.org) to see if s/he is already aware of it?

Yes, I tried e-mailing the person whose e-mail address is listed
as the creator/releasor of the v2.0 version in the README file of
the package itself, and I have had no response whatsoever for over
a week now.

Like I say, I am _trying_ to do the Right Thing here... whatever that
may be.  But I don't have any good idea what the accepted protocol is
in a case like this.

I want to get the (bug) information out ASAP, but I don't want to
screw anybody... least of all my fellow FreeBSD users.
