From owner-freebsd-security  Thu Nov 23 22:26: 2 2000
Delivered-To: freebsd-security@freebsd.org
Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177])
	by hub.freebsd.org (Postfix) with ESMTP id F164937B4CF
	for <security@FreeBSD.ORG>; Thu, 23 Nov 2000 22:25:59 -0800 (PST)
Received: (from kris@localhost)
	by citusc17.usc.edu (8.11.1/8.11.1) id eAO6R5j41368;
	Thu, 23 Nov 2000 22:27:05 -0800 (PST)
	(envelope-from kris)
Date: Thu, 23 Nov 2000 22:27:05 -0800
From: Kris Kennaway <kris@FreeBSD.ORG>
To: Trevor Johnson <trevor@jpj.net>
Cc: security@FreeBSD.ORG, toasty@dragondata.com
Subject: Re: Joe's Own Editor File Link Vulnerability (fwd)
Message-ID: <20001123222704.A41336@citusc17.usc.edu>
References: <Pine.BSI.4.21.0011232145390.2220-100000@blues.jpj.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="d6Gm4EdcadzBjdND"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.BSI.4.21.0011232145390.2220-100000@blues.jpj.net>; from trevor@jpj.net on Thu, Nov 23, 2000 at 09:59:17PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


--d6Gm4EdcadzBjdND
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Nov 23, 2000 at 09:59:17PM -0500, Trevor Johnson wrote:
> I've gotten no response to the appended message.
>=20
> I installed joe from the current ports collection, a few minutes ago, and
> was able to confirm the bug.
>=20
> The Linux people (Red Hat, Immunix, Mandrake, and Debian) have released
> patched versions, but I haven't looked at their patches.
>=20
> Would it be all right if I marked the port forbidden (mentioning
> http://www.securityfocus.com/archive/1/145305), until the maintainer
> becomes available?

Yes. If you could also patch it it would be fine by me :-)

Kris

--d6Gm4EdcadzBjdND
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjoeCjgACgkQWry0BWjoQKWrfgCgyDJfOFE9Nt3d0PwbWSsoa2k5
3MAAnj33PbRbvpr1Thooi63fxZaoha0a
=9X9q
-----END PGP SIGNATURE-----

--d6Gm4EdcadzBjdND--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message