Date: Tue, 25 Sep 2001 00:08:47 -0700 (PDT)
From: Doug Barton <dougb@FreeBSD.org>
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/textproc/htdig/files patch-htsearch_cc
Message-ID: <200109250708.f8P78l276198@freefall.freebsd.org>

dougb       2001/09/25 00:08:47 PDT

  Added files:
    textproc/htdig/files patch-htsearch_cc
  Log:
  This patch comes from the ht://Dig maintainers, and fixes a possible
  security vulnerability. Quoting from their e-mail announcement:

  There is a security vulnerability in all versions of htsearch between
  3.1.0b2 and 3.1.5 . . . The hole can allow a remote user to pick a file
  on your system for the config file that the UID running the webserver
  can read.

  With a default ports install the httpd user should be nobody, which makes
  the vulnerability small.

  Revision  Changes    Path
  1.1       +24 -0     ports/textproc/htdig/files/patch-htsearch_cc (new)