Date: Fri, 19 Mar 1999 14:09:00 -0500 From: Garance A Drosihn <drosih@rpi.edu> To: "Harry M. Leitzell" <Harry_M_Leitzell@cmu.edu>, freebsd-security@FreeBSD.ORG Subject: Re: 3.1-RELEASE Message-ID: <v0401170eb318504cb315@[128.113.24.47]> In-Reply-To: <Pine.SOL.3.96L.990319134429.7811A-100000@unix13.andrew.cmu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
At 1:49 PM -0500 3/19/99, Harry M. Leitzell wrote: > I am just curious as to who updates the ports for the RELEASEs. >It seems when I was installing 3.1 on a friends machine yesterday and went >to install an ftp daemon, I ended up using the ports to install proftpd. >The only problem with this is that the ports collection installed pre1 >which has a known buffer overflow in it. Maybe I am wrong in assuming >this is a bad thing ... but shouldn't someone be checking and updating >things like this? If you notice something like this, it is good to do a send-pr for it. The fact that someone is doing a port doesn't mean that they follow the development of it very closely. It just means that they like it, and they know how to get it setup and working for FreeBSD. So they may not be aware of a security issue, but once someone makes them aware of one then they may jump right on updating the port. --- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or drosih@rpi.edu Rensselaer Polytechnic Institute To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?v0401170eb318504cb315>