www/dotproject out of date and vulnerable

Kris Kennaway kris at obsecurity.org
Mon Sep 18 19:07:55 PDT 2006

On Mon, Sep 18, 2006 at 07:00:02PM -0700, Fred Cox wrote:
> www/dotproject is still 2.0.2, even though 2.0.4 came
> out in June to address an XSS vulnerability.  See
> http://www.dotproject.net/ for details.
> I've sent mail to the maintainer and the contact for
> portaudit, with no response in over 2 weeks and 1 week
> respectively.  Portaudit does not report any problem
> with dotproject.
> What's the next step?

If you submit the update as a PR, it can be committed under maintainer

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20060919/ff7b727f/attachment.pgp

More information about the freebsd-ports mailing list