From owner-freebsd-ports Sat Apr 29 18:26:30 2000
Delivered-To: freebsd-ports@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 74A6B37BB9D; Sat, 29 Apr 2000 18:26:27 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id SAA83384;
	Sat, 29 Apr 2000 18:26:27 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Sat, 29 Apr 2000 18:26:26 -0700 (PDT)
From: Kris Kennaway
To: Andy Sparrow
Cc: Paul Chvostek , Ade Lovett , ports@FreeBSD.ORG
Subject: Re: comms/hylafax
In-Reply-To: <200004300113.SAA59876@mega.geek4food.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 29 Apr 2000, Andy Sparrow wrote:

> Yes, 312 messages so far this month.
>
> In particular, Hylafax 4.1 beta2 is being readied for release.
>
> Bug fixes and patches are being produced, seems to be active.

Perhaps, but they haven't ever made a public announcement acknowledging
the security holes, offering a patch to fix them, or even acknowledging
the email I sent enquiring about it on behalf of FreeBSD.

Check the vulnerability database on www.securityfocus.com, or failing
that, the bugtraq archives, for reference to the problem. It's not a
simple problem to fix, but requires an in-depth audit of the code.

There have been patches posted on the freebsd-audit mailing list which
attempt to address some of the problems, but I haven't had the time to
look at them. Ideally someone needs to work with the hylafax developers
about this (assuming they can get a response this time).

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe