Date: Mon, 09 Mar 2009 10:54:42 -0400 From: Moti Levy <levymoti@gmail.com> To: Zbigniew Szalbot <zszalbot@gmail.com> Cc: User Questions <freebsd-questions@freebsd.org> Subject: Re: roundcube security bug Message-ID: <49B52DB2.2010306@gmail.com> In-Reply-To: <94136a2c0903090305t13f59235wa21f855aa18433e@mail.gmail.com> References: <94136a2c0903090036q51d569dfk4a58ef0f8cceab05@mail.gmail.com> <49B4C89C.7080205@gmail.com> <94136a2c0903090047j34ddb20t2bebb19e8353fc66@mail.gmail.com> <35f70db10903090250q1b7c7dd9x30e1dc420fcfe0fc@mail.gmail.com> <94136a2c0903090305t13f59235wa21f855aa18433e@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 03/09/09 6:05 AM, Zbigniew Szalbot wrote: > Hi there, > > On Mon, Mar 9, 2009 at 10:50, Ross Cameron<abalour@gmail.com> wrote: > >> Surely an attempted cracking attempt on you're server warrants making time? >> > > It does. > > >> Without detailed reports of issues like this how is the vendor expected to >> correct the problem? >> Avoiding installing the code is just a lazy workaround, helping the >> author's will improve the general open source software ecosystem. >> > > Like I said, I just lacked the time. I have notified the port > maintainer though and intend to contact the author but I wish there > was a simpler way then having to register first. > > portaudit is always usefull Affected package: roundcube-0.2.a,1 Type of problem: roundcube -- remote execution of arbitrary code. Reference: <http://www.FreeBSD.org/ports/portaudit/8f483746-d45d-11dd-84ec-001fc66e7203.html>;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49B52DB2.2010306>