From owner-freebsd-questions@FreeBSD.ORG Mon Mar 9 14:54:49 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EB2231065670 for ; Mon, 9 Mar 2009 14:54:49 +0000 (UTC) (envelope-from levymoti@gmail.com) Received: from mail-gx0-f176.google.com (mail-gx0-f176.google.com [209.85.217.176]) by mx1.freebsd.org (Postfix) with ESMTP id 88CE18FC12 for ; Mon, 9 Mar 2009 14:54:49 +0000 (UTC) (envelope-from levymoti@gmail.com) Received: by gxk24 with SMTP id 24so3301566gxk.19 for ; Mon, 09 Mar 2009 07:54:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=NUPAEBtyWWk6YKUesa27RanV+QG9bVzYpJoq7mzXYcM=; b=Kfvf89BZtgBL9uXyuJgmGhBirXny47Y40zUSs6HcZ6VhW/AtrZGwxJWway/iIfTFZM 4IuIXz1yXceKmngL5A6wqvU5DtxM94K6HMLpXB5b4akaiYMeRwX719KsRAKWla2yljl7 eqswKLZ3n2wtMBpH5kZtPWndBer453CtP5nuI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=rNGk7DBRMKWcnt74kva040JxB+cXXmqtoEnLx5HgKdQvqaeO+FtW4g9ceNwkT7MP/L w3+L2+FRDvEsiPaKfBPmO5SS7kSsIIQA/id/m0sEu+Q5/cYEEbqDAR7W0Oh5oqbd82Uh b267Aq4LyRe+alBdcjZHz4SYBdvEdw9DVGnv8= Received: by 10.151.147.16 with SMTP id z16mr9785153ybn.99.1236610489057; Mon, 09 Mar 2009 07:54:49 -0700 (PDT) Received: from ?192.163.1.51? ([63.138.179.99]) by mx.google.com with ESMTPS id s30sm10015452elf.11.2009.03.09.07.54.43 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 09 Mar 2009 07:54:44 -0700 (PDT) Message-ID: <49B52DB2.2010306@gmail.com> Date: Mon, 09 Mar 2009 10:54:42 -0400 From: Moti Levy User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20081204 Thunderbird/3.0b1 MIME-Version: 1.0 To: Zbigniew Szalbot References: <94136a2c0903090036q51d569dfk4a58ef0f8cceab05@mail.gmail.com> <49B4C89C.7080205@gmail.com> <94136a2c0903090047j34ddb20t2bebb19e8353fc66@mail.gmail.com> <35f70db10903090250q1b7c7dd9x30e1dc420fcfe0fc@mail.gmail.com> <94136a2c0903090305t13f59235wa21f855aa18433e@mail.gmail.com> In-Reply-To: <94136a2c0903090305t13f59235wa21f855aa18433e@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: User Questions Subject: Re: roundcube security bug X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Mar 2009 14:54:50 -0000 On 03/09/09 6:05 AM, Zbigniew Szalbot wrote: > Hi there, > > On Mon, Mar 9, 2009 at 10:50, Ross Cameron wrote: > >> Surely an attempted cracking attempt on you're server warrants making time? >> > > It does. > > >> Without detailed reports of issues like this how is the vendor expected to >> correct the problem? >> Avoiding installing the code is just a lazy workaround, helping the >> author's will improve the general open source software ecosystem. >> > > Like I said, I just lacked the time. I have notified the port > maintainer though and intend to contact the author but I wish there > was a simpler way then having to register first. > > portaudit is always usefull Affected package: roundcube-0.2.a,1 Type of problem: roundcube -- remote execution of arbitrary code. Reference: