Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 2 Aug 2006 13:46:04 +0330
From:      "Babak Farrokhi" <babak@farrokhi.net>
To:        "'Stanislav Sedov'" <ssedov@mbsd.msk.ru>, <freebsd-ports@freebsd.org>
Subject:   RE: awstats-6.5_1,1 is forbidden: Command Injection Vulnerability.
Message-ID:  <000701c6b61c$aa59f700$ff0de500$@net>
In-Reply-To: <20060802132705.375bab36@localhost>
References:  <56729ea90608020217k750a12e3h3f35c8c6caf136cf@mail.gmail.com> <20060802132705.375bab36@localhost>

next in thread | previous in thread | raw e-mail | index | archive | help
Hi,

Awstats-devel (which has solved this security issue) is in GNATS waiting =
for
submission (PR ports/100162).

-- Babak Farrokhi

> -----Original Message-----
> From: owner-freebsd-ports@freebsd.org [mailto:owner-freebsd-
> ports@freebsd.org] On Behalf Of Stanislav Sedov
> Sent: Wednesday, August 02, 2006 12:57 PM
> To: freebsd-ports@freebsd.org
> Subject: Re: awstats-6.5_1,1 is forbidden: Command Injection
> Vulnerability.
>=20
> On Wed, 2 Aug 2006 17:17:16 +0800
> chevy <quchifeng@gmail.com> mentioned:
>=20
> > mail# pwd
> > /usr/ports/www/awstats
> > mail# make fetch
> > =3D=3D=3D>  awstats-6.5_1,1 is forbidden: Command Injection =
Vulnerability.
> > *** Error code 1
> >
> > Stop in /usr/ports/www/awstats.
> > please fix !! thank you !
> >
>=20
> You should for vendor's fix or contact port maintainer - the fix might
> be already here.
>=20
> Alternately you can comment-out FORBIDDEN line in the port's Makefile
> and install port anyway if you are understanding what you are doing.
>=20
> --
> Stanislav Sedov         MBSD labs, Inc.         <ssedov@mbsd.msk.ru>
> =F2=CF=D3=D3=C9=D1, =ED=CF=D3=CB=D7=C1         http://mbsd.msk.ru
>=20
> --------------------------------------------------------------------
> If the facts don't fit the theory, change the facts.  -- A. Einstein
> --------------------------------------------------------------------
> PGP fingerprint:  F21E D6CC 5626 9609 6CE2  A385 2BF5 5993 EB26 9581




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000701c6b61c$aa59f700$ff0de500$>