Date: Mon, 05 Sep 2011 13:15:46 -0400 From: "Mikhail T." <mi+thun@aldan.algebra.com> To: Chris Rees <utisoft@gmail.com> Cc: ports@freebsd.org, yar@freebsd.org Subject: Re: Re: sysutils/cfs Message-ID: <4E6503C2.5080002@aldan.algebra.com> In-Reply-To: <CADLo83_A%2BOh%2Bi4ZFQ=KnZyvBk0h2pf%2BbJnjhYHm=5UyacjE3cA@mail.gmail.com> References: <CADLo838g=r3C4pHVteObPYrA6VxB7%2B4banaEXeVrPwGD7MDAtg@mail.gmail.com> <CADLo83_A%2BOh%2Bi4ZFQ=KnZyvBk0h2pf%2BbJnjhYHm=5UyacjE3cA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On -10.01.-28163 14:59, Chris Rees wrote:
>> I've had to deprecate sysutils/cfs -- there's a confirmed issue with
>> failing locks [1] which has been open for two years with no fix.
>>
> Whoops, also missed a CVE -- buffer overflows can cause a DoS.
> Expiration date altered to 1 month accordingly.
Is this the only vulnerability you are talking about?
http://www.debian.org/security/2006/dsa-1138
Does not seem hard to fix at all... Listing all of the fatal problems
would be helpful...
-mi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E6503C2.5080002>