cvs commit: ports/mail/ecartis Makefile
ports/mail/ecartis/files patch-CAN-2004-0913
Simon L. Nielsen
simon at FreeBSD.org
Sun Jan 2 10:27:07 GMT 2005
On 2005.01.01 21:03:02 -0800, Joseph Scott wrote:
>
> On Jan 1, 2005, at 11:21 AM, Simon L. Nielsen wrote:
>
> >simon 2005-01-01 19:21:47 UTC
> >
> > FreeBSD ports repository (doc committer)
> >
> > Modified files:
> > mail/ecartis Makefile
> > Added files:
> > mail/ecartis/files patch-CAN-2004-0913
> > Log:
> > Fix a security vulnerabiliy which allows an attacker in the same
> > domain as the list admin to gain administrator privileges and alter
> > list settings.
> >
> > VuXML:
> >http://vuxml.FreeBSD.org/be543d74-539a-11d9-a9e7-0001020eed82.html
> > Obtained from: Debian
> > Approved by: portmgr (krion), maintainer timeout
>
> Just looking at related PRs, what does this do to PR ports/71199?
Not really anything.
> It simply does a version bump, which was reportedly (back in October 2004)
> approved by the maintainer.
The PR looks simple enough, but when doing security updates I prefer
not to change anything else, unless I have to, since doing that
increases the risk of breaking something and therefor I would have to
do more extensive testing, which in turns means I have less time to
work on the security problems in other ports.
So, hopefully a ports committer will look at this PR after the freeze,
but I doubt I will.
--
Simon L. Nielsen
FreeBSD Security Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-ports/attachments/20050102/8a1827ff/attachment.bin
More information about the cvs-ports
mailing list