From owner-cvs-ports@FreeBSD.ORG Sun Jan 2 10:27:07 2005 Return-Path: Delivered-To: cvs-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B018116A4CE; Sun, 2 Jan 2005 10:27:07 +0000 (GMT) Received: from zaphod.nitro.dk (port324.ds1-khk.adsl.cybercity.dk [212.242.113.79]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1B3BB43E4D; Sun, 2 Jan 2005 10:27:07 +0000 (GMT) (envelope-from simon@zaphod.nitro.dk) Received: by zaphod.nitro.dk (Postfix, from userid 3000) id 9443F11CEE; Sun, 2 Jan 2005 11:27:04 +0100 (CET) Date: Sun, 2 Jan 2005 11:27:04 +0100 From: "Simon L. Nielsen" To: Joseph Scott Message-ID: <20050102102703.GA861@zaphod.nitro.dk> References: <200501011921.j01JLldX043465@repoman.freebsd.org> <949BE796-5C7B-11D9-9CD6-000A95AD0296@randomnetworks.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="gBBFr7Ir9EOA20Yy" Content-Disposition: inline In-Reply-To: <949BE796-5C7B-11D9-9CD6-000A95AD0296@randomnetworks.com> User-Agent: Mutt/1.5.6i cc: cvs-ports@freebsd.org cc: cvs-all@freebsd.org cc: ports-committers@freebsd.org Subject: Re: cvs commit: ports/mail/ecartis Makefile ports/mail/ecartis/files patch-CAN-2004-0913 X-BeenThere: cvs-ports@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 Jan 2005 10:27:07 -0000 --gBBFr7Ir9EOA20Yy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2005.01.01 21:03:02 -0800, Joseph Scott wrote: >=20 > On Jan 1, 2005, at 11:21 AM, Simon L. Nielsen wrote: >=20 > >simon 2005-01-01 19:21:47 UTC > > > > FreeBSD ports repository (doc committer) > > > > Modified files: > > mail/ecartis Makefile > > Added files: > > mail/ecartis/files patch-CAN-2004-0913 > > Log: > > Fix a security vulnerabiliy which allows an attacker in the same > > domain as the list admin to gain administrator privileges and alter > > list settings. > > > > VuXML: =20 > >http://vuxml.FreeBSD.org/be543d74-539a-11d9-a9e7-0001020eed82.html > > Obtained from: Debian > > Approved by: portmgr (krion), maintainer timeout >=20 > Just looking at related PRs, what does this do to PR ports/71199? =20 Not really anything. > It simply does a version bump, which was reportedly (back in October 200= 4)=20 > approved by the maintainer. The PR looks simple enough, but when doing security updates I prefer not to change anything else, unless I have to, since doing that increases the risk of breaking something and therefor I would have to do more extensive testing, which in turns means I have less time to work on the security problems in other ports. So, hopefully a ports committer will look at this PR after the freeze, but I doubt I will. --=20 Simon L. Nielsen FreeBSD Security Team --gBBFr7Ir9EOA20Yy Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFB18x3h9pcDSc1mlERApOcAKDHBev02vtTbXoTffcOAQeobbU1QQCgtF95 lUHHYzlq8QDFzJZX7swDRFM= =HCz3 -----END PGP SIGNATURE----- --gBBFr7Ir9EOA20Yy--