Date: Mon, 5 Sep 2011 18:32:00 +0100 From: Chris Rees <utisoft@gmail.com> To: "Mikhail T." <mi+thun@aldan.algebra.com> Cc: ports@freebsd.org, yar@freebsd.org Subject: Re: Re: sysutils/cfs Message-ID: <CADLo838bxRPmJS-qzRF9wzGseKr6CoxoXEWb0rmcYDfhK_ZLQg@mail.gmail.com> In-Reply-To: <4E6503C2.5080002@aldan.algebra.com> References: <CADLo838g=r3C4pHVteObPYrA6VxB7%2B4banaEXeVrPwGD7MDAtg@mail.gmail.com> <CADLo83_A%2BOh%2Bi4ZFQ=KnZyvBk0h2pf%2BbJnjhYHm=5UyacjE3cA@mail.gmail.com> <4E6503C2.5080002@aldan.algebra.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 5 Sep 2011 18:15, "Mikhail T." <mi+thun@aldan.algebra.com> wrote: > > On -10.01.-28163 14:59, Chris Rees wrote: >>> >>> I've had to deprecate sysutils/cfs -- there's a confirmed issue with >>> failing locks [1] which has been open for two years with no fix. >>> >> >> Whoops, also missed a CVE -- buffer overflows can cause a DoS. >> Expiration date altered to 1 month accordingly. > > > Is this the only vulnerability you are talking about? >> >> http://www.debian.org/security/2006/dsa-1138 > > Does not seem hard to fix at all... Listing all of the fatal problems would be helpful... >> >> -mi If it's not that hard to fix then do it. If you're not going to fix it, why are you even commenting? More noise. Stop whining and do something about it. I saw a port that is: - broken - vulnerable - unmaintained - dead upstream - has been removed by other distributions I don't use it, you don't use it, why do you care? Chris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADLo838bxRPmJS-qzRF9wzGseKr6CoxoXEWb0rmcYDfhK_ZLQg>