From owner-freebsd-ports@FreeBSD.ORG  Wed Aug  2 10:16:08 2006
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
X-Original-To: freebsd-ports@freebsd.org
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D8D9616A4E1
	for <freebsd-ports@freebsd.org>; Wed,  2 Aug 2006 10:16:08 +0000 (UTC)
	(envelope-from babak@farrokhi.net)
Received: from Plesk.datak.net (plesk.datak-telecom.net [81.91.129.96])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8DA5643D55
	for <freebsd-ports@freebsd.org>; Wed,  2 Aug 2006 10:16:07 +0000 (GMT)
	(envelope-from babak@farrokhi.net)
Received: (qmail 46004 invoked from network); 2 Aug 2006 14:46:05 +0430
Received: from unknown (HELO ELF) (81.91.130.209)
	by webmail.datak-telecom.com with (RC4-MD5 encrypted) SMTP;
	2 Aug 2006 14:46:05 +0430
From: "Babak Farrokhi" <babak@farrokhi.net>
To: "'Stanislav Sedov'" <ssedov@mbsd.msk.ru>,
	<freebsd-ports@freebsd.org>
References: <56729ea90608020217k750a12e3h3f35c8c6caf136cf@mail.gmail.com>
	<20060802132705.375bab36@localhost>
In-Reply-To: <20060802132705.375bab36@localhost>
Date: Wed, 2 Aug 2006 13:46:04 +0330
Message-ID: <000701c6b61c$aa59f700$ff0de500$@net>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="KOI8-R"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Aca2Fhx7Ba7ghmCUS46Wn93jGiuSWQABeUCw
Content-Language: en-us
Cc: 
Subject: RE: awstats-6.5_1,1 is forbidden: Command Injection Vulnerability.
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Aug 2006 10:16:08 -0000

Hi,

Awstats-devel (which has solved this security issue) is in GNATS waiting =
for
submission (PR ports/100162).

-- Babak Farrokhi

> -----Original Message-----
> From: owner-freebsd-ports@freebsd.org [mailto:owner-freebsd-
> ports@freebsd.org] On Behalf Of Stanislav Sedov
> Sent: Wednesday, August 02, 2006 12:57 PM
> To: freebsd-ports@freebsd.org
> Subject: Re: awstats-6.5_1,1 is forbidden: Command Injection
> Vulnerability.
>=20
> On Wed, 2 Aug 2006 17:17:16 +0800
> chevy <quchifeng@gmail.com> mentioned:
>=20
> > mail# pwd
> > /usr/ports/www/awstats
> > mail# make fetch
> > =3D=3D=3D>  awstats-6.5_1,1 is forbidden: Command Injection =
Vulnerability.
> > *** Error code 1
> >
> > Stop in /usr/ports/www/awstats.
> > please fix !! thank you !
> >
>=20
> You should for vendor's fix or contact port maintainer - the fix might
> be already here.
>=20
> Alternately you can comment-out FORBIDDEN line in the port's Makefile
> and install port anyway if you are understanding what you are doing.
>=20
> --
> Stanislav Sedov         MBSD labs, Inc.         <ssedov@mbsd.msk.ru>
> =F2=CF=D3=D3=C9=D1, =ED=CF=D3=CB=D7=C1         http://mbsd.msk.ru
>=20
> --------------------------------------------------------------------
> If the facts don't fit the theory, change the facts.  -- A. Einstein
> --------------------------------------------------------------------
> PGP fingerprint:  F21E D6CC 5626 9609 6CE2  A385 2BF5 5993 EB26 9581