www/dotproject out of date and vulnerable
Kris Kennaway
kris at obsecurity.org
Mon Sep 18 19:07:55 PDT 2006
On Mon, Sep 18, 2006 at 07:00:02PM -0700, Fred Cox wrote:
> www/dotproject is still 2.0.2, even though 2.0.4 came
> out in June to address an XSS vulnerability. See
> http://www.dotproject.net/ for details.
>
> I've sent mail to the maintainer and the contact for
> portaudit, with no response in over 2 weeks and 1 week
> respectively. Portaudit does not report any problem
> with dotproject.
>
> What's the next step?
If you submit the update as a PR, it can be committed under maintainer
timeout.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20060919/ff7b727f/attachment.pgp
More information about the freebsd-ports
mailing list