Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 2 Jan 2005 11:27:04 +0100
From:      "Simon L. Nielsen" <simon@FreeBSD.org>
To:        Joseph Scott <joseph@randomnetworks.com>
Cc:        ports-committers@freebsd.org
Subject:   Re: cvs commit: ports/mail/ecartis Makefile ports/mail/ecartis/files patch-CAN-2004-0913
Message-ID:  <20050102102703.GA861@zaphod.nitro.dk>
In-Reply-To: <949BE796-5C7B-11D9-9CD6-000A95AD0296@randomnetworks.com>
References:  <200501011921.j01JLldX043465@repoman.freebsd.org> <949BE796-5C7B-11D9-9CD6-000A95AD0296@randomnetworks.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

--gBBFr7Ir9EOA20Yy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2005.01.01 21:03:02 -0800, Joseph Scott wrote:
>=20
> On Jan 1, 2005, at 11:21 AM, Simon L. Nielsen wrote:
>=20
> >simon       2005-01-01 19:21:47 UTC
> >
> >  FreeBSD ports repository (doc committer)
> >
> >  Modified files:
> >    mail/ecartis         Makefile
> >  Added files:
> >    mail/ecartis/files   patch-CAN-2004-0913
> >  Log:
> >  Fix a security vulnerabiliy which allows an attacker in the same
> >  domain as the list admin to gain administrator privileges and alter
> >  list settings.
> >
> >  VuXML:         =20
> >http://vuxml.FreeBSD.org/be543d74-539a-11d9-a9e7-0001020eed82.html
> >  Obtained from:  Debian
> >  Approved by:    portmgr (krion), maintainer timeout
>=20
> 	Just looking at related PRs, what does this do to PR ports/71199? =20

Not really anything.

> 	It simply does a version bump, which was reportedly (back in October 200=
4)=20
> approved by the maintainer.

The PR looks simple enough, but when doing security updates I prefer
not to change anything else, unless I have to, since doing that
increases the risk of breaking something and therefor I would have to
do more extensive testing, which in turns means I have less time to
work on the security problems in other ports.

So, hopefully a ports committer will look at this PR after the freeze,
but I doubt I will.

--=20
Simon L. Nielsen
FreeBSD Security Team

--gBBFr7Ir9EOA20Yy
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQFB18x3h9pcDSc1mlERApOcAKDHBev02vtTbXoTffcOAQeobbU1QQCgtF95
lUHHYzlq8QDFzJZX7swDRFM=
=HCz3
-----END PGP SIGNATURE-----

--gBBFr7Ir9EOA20Yy--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050102102703.GA861>