From owner-freebsd-security Thu Nov 23 22:31:22 2000 Delivered-To: freebsd-security@freebsd.org Received: from temphost.dragondata.com (temphost.dragondata.com [63.167.131.128]) by hub.freebsd.org (Postfix) with ESMTP id BC40E37B479 for ; Thu, 23 Nov 2000 22:31:19 -0800 (PST) Received: (from toasty@localhost) by temphost.dragondata.com (8.9.3/8.9.3) id AAA17422; Fri, 24 Nov 2000 00:34:36 -0600 (CST) (envelope-from toasty) From: Kevin Day Message-Id: <200011240634.AAA17422@temphost.dragondata.com> Subject: Re: Joe's Own Editor File Link Vulnerability (fwd) To: trevor@jpj.net (Trevor Johnson) Date: Fri, 24 Nov 2000 00:34:31 -0600 (CST) Cc: security@freebsd.org, toasty@dragondata.com In-Reply-To: from "Trevor Johnson" at Nov 23, 2000 09:59:17 PM X-Mailer: ELM [version 2.5 PL3] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > I've gotten no response to the appended message. > > I installed joe from the current ports collection, a few minutes ago, and > was able to confirm the bug. > > The Linux people (Red Hat, Immunix, Mandrake, and Debian) have released > patched versions, but I haven't looked at their patches. > > Would it be all right if I marked the port forbidden (mentioning > http://www.securityfocus.com/archive/1/145305), until the maintainer > becomes available? > -- > Trevor Johnson > http://jpj.net/~trevor/gpgkey.txt If you fowarded this to me before, it must have gotten lost during my many server moves over the past couple of months, I apologize. I'll send an e-mail to the author of Joe an e-mail about this, but from my past experiences with him, he's quite busy with other projects and may not have time for a complete new version immediately. I'll come up with a quick patch for now to include, that one of you can verify for accuracy (if desired) to include in our local port patches. Thanks, Kevin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message