Date:      Thu, 30 Dec 2004 22:01:25 +0800
From:      Xin LI <delphij@frontfree.net>
To:        Josef El-Rayes <josef@FreeBSD.org>
Cc:        estover@nativenerds.com
Subject:   Re: Found security expliot in port phpBB 2.0.8  FreeBSD4.10
Message-ID:  <20041230140125.GA3982@frontfree.net>
In-Reply-To: <20041229193226.GA11252@daemon.li>
References:  <34657.24.230.37.14.1104187002.squirrel@24.230.37.14> <2990.24.98.86.57.1104197295.squirrel@24.98.86.57> <41D0C276.7080100@elischer.org> <20041229185332.GL24545@cowbert.net> <20041229193226.GA11252@daemon.li>

On Wed, Dec 29, 2004 at 07:32:26PM +0000, Josef El-Rayes wrote:
> "Peter C. Lai" <sirmoo@cowbert.net>:
> > On Mon, Dec 27, 2004 at 06:18:30PM -0800, Julian Elischer wrote:
> > > might be a good idea if we "urged" users to update their phpbb a bit
> > > more vocally.
> >
> > Or if someone had been vigilant enough to add a vuxml entry about it back
> > in November. Waiting >30 days to update the database that portaudit uses
> > is a bit longish, don't you think? The "urging" to which you refer is
> > already one of the services provided by portaudit.
>
> first of all, if you run a machine you care about, you should think
> twice before installing a software which has a bad security track
> as phpBB has. secondly, most of the time we do not know security
> issue any earlier than they get posted to bugtraq or similar
> mailing lists, so why don't you track these lists yourself?

I always have a headache with the phpBB installation for the FreeBSD
China Community.  I personally subscribe to phpBB's CVS commit message
and patch immediately when they have committed something "interesting".

I would admit that it's a bit late for the vuxml chunk to catch up with
this.  However, it's a good idea to catch up with every phpbb update,
as almost every update is related to security issues during the last
year[1]...

[1] http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/phpbb/Makefile

Cheers,
--
Xin LI <delphij frontfree net>	http://www.delphij.net/
See complete headers for GPG key and other information.

