Date: Mon, 31 Mar 2003 13:24:20 +0200
From: Davide Lemma <davide.lemma@sito.it>
To: ports@freebsd.org
Subject: again... serious security hole in a port (dcgui/dclib)
Message-ID: <20030331132420.0b94c5ae.davide.lemma@sito.it>

Hello again...

Really frustrated, this will be my last attempt to try to commit a fresh updated rebuild of a port with a really serious security hole.

The port is dcgui/dclib. As reported by the original developer (I'm in the developing team too), there is a high security hole in all versions of the software prior to version 0.2.3. This bug can compromise the whole system. The software permits sharing, with other similar clients, one or more directories of the system. With all versions prior to version 0.2.3 it is possible, due to a bug, to see all the content of the whole filesystem and not just the configured directories.

I already advised the official port's maintainer more than one month ago, but the answer was that he was leaving the port maintenance. I have already sent through send-pr the new diff files to update the port. The current version is 0.2.8, while in the port tree there is still version 0.1.11beta!! (one and a half years older).

Hoping that with this advice a decision will be taken soon. Most users don't know how dangerous this kind of bug can be, and they can have their system compromised so easily.

Thanks in advance for your attention.

Best regards,
Davide Lemma

--
Davide Lemma >> Sistemi Informatici Torino >> www.sito.it
GPG Public Key: http://www.sito.it/davidelemma_pubkey.txt
GPG FingerPrint: DC91 31EC 163C 24FE E0E2 6DC6 5580 F134 D4EB 694D