similar to: Found security expliot in port phpBB 2.0.8 FreeBSD4.10

Jacques A. Vidrine wrote: > On Mon, Mar 29, 2004 at 08:14:29PM +0200, Oliver Eikemeier wrote: > >>Jacques A. Vidrine wrote: >> >>>On Sun, Mar 28, 2004 at 03:44:06PM -0800, Oliver Eikemeier wrote: >>> >>>>eik 2004/03/28 15:44:06 PST >>>> >>>>FreeBSD ports repository >>>> >>>>Modified files:

Hi! cc'd to freebsd-security@ as somebody there may correct me, cc'd to secteam@ as maintaner of security/portaudit. On Sun, 28 Aug 2005 10:14:21 +0930 Ian Moore wrote: > I've just updated my acroread port to 7.0.1 & was surprised when portaudit > still listed it as a vulnerability. I think it is portaudit problem. > According to

Any reason why portaudit and its associated infrastructure was not announced to this list or security-notifications? I recently discovered it, and discovered the feature was added to bsd.port.mk in the beginning of feburary. Seeing as the security officer apparently (without announcement) no longer issues security notices (SNs) for ports, I am assuming that portaudit has replaced SNs entirely,

Hello, The current png-1.2.5_4 port has no more vulnerability. It has been corrected by ache@FreeBSD.org yesterday. But when i try to install the updated port to remplace the vulnerable one this is what i am told : # make install ===> png-1.2.5_4 has known vulnerabilities: >> libpng denial-of-service. Reference:

December 18, 2007 Dear Madam, dear Sir, the portaudit database is very small: >portaudit -F auditfile.tbz 100% of 5688 B 9737 Bps New database installed. > In addition, portaudit does not complain about what it did complain a few days ago. It seems to me that the database is truncated. By the way: How do I post to a mailing list without being later spammed by the

Why wasn't there a FreeBSD security alert for Kerberos 5? Does FreeBSD use the MIT implementation? I got an email from CERT about this. See the attached message below. -- Daniel Rudy >From - Sat Sep 04 03:22:15 2004 X-UIDL: a8f31551eb03ca144862bddc8ccce266 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 X-Apparently-To: dcrudy@pacbell.net via 206.190.37.79; Fri, 03 Sep 2004

Hi, FYI, Red Hat released an advisory today about a vulnerability in Ruby. So far it doesn't appear in the VuXML, but am I correct in presuming it will soon? https://rhn.redhat.com/errata/RHSA-2006-0604.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3694 cheers, -- Joel Hatton -- Infrastructure Manager | Hotline: +61 7 3365 4417 AusCERT - Australia's national

Good day, I need to run some windows apps in my FreeBSD 4.10 workstation but the compilation failed. I'm using GCC 3.4.2 and the make error shows something like this: In file included from kthread.c:41: /usr/include/sys/socket.h:54: redefinition of `socklen_t' ../include/wine/port.h:65: `socklen_t' previously declared here *** Error code 1 Any idea? btw, please inform me

Old Synopsis: portaudit doesn't report about all security bugs New Synopsis: security/portaudit doesn't report about all security bugs Responsible-Changed-From-To: freebsd-ports-bugs->freebsd-security Responsible-Changed-By: linimon Responsible-Changed-When: Fri Jul 29 21:37:38 GMT 2005 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=84312

many, MANY apologies up front if i have sent this to the wrong place! I am inherently a software engineer who now gets to monitor a mail server (don't ask). anyway i get an email message that alerts me from a user that we have been hacked by a spammer and the mail message header is: ------------- Forwarded message follows ------------- X-Auth-No: Return-Path:

Hello, One of my machines I got a report about 3 vulnerable packages (php4, ruby, openssl) in tomorrows security run output, but in today's security run output all of them disappeared, but nobody upgraded or removed the affected packages. I reinstalled portaudit, refreshd its database, but now it reports 0 affected pakages. The pkg_info command lists that three packages, so they are

Hello! Yesterday portaudit notified me about squid's vulnerability, but today it didn't (despite I haven't upgraded squid). This has attracted my attention, so I've compared yesterday's and today's auditfile.tbz: -r--r--r-- 1 root wheel 29875 Sep 6 15:40 auditfile.tbz vs. -r--r--r-- 1 root wheel 5685 Sep 7 10:11 auditfile.tbz I don't see commits to

Hi, I plan to setup an forum for my friend and his friends shortly. But before I setup, I would like to know what are the popular open source forum software/packages to look at.. Please advise. Thanks. --Robinson ____________________________________________________________________________________ Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs

Dear members, It may sound a silly question. I have curl installed: # pkg_info |grep curl curl-7.24.0_3 Non-interactive tool to get files from FTP, GOPHER, HTTP(S) Today portsnap updated the ftp/curl port, and patch-CVE-2013-2174 appeared in files/, but the port version remained such that portaudit, and portupgrade still complain about curl's version. What is the recommended way to

There a few php solutions that I would like to integrate with my Rails app. Namely PHPBB(No offense RForum) and WordPress. Is it possible to use these in a Rails environment, and what kind of issues/stumbling blocks would I face if I attempted to? Thanks, James -- Posted via http://www.ruby-forum.com/.

Hello! Port security/portaudit reports the following problem: Affected package: FreeBSD-491000 Type of problem: multiple vulnerabilities in the cvs server code. Reference: <http://www.FreeBSD.org/ports/portaudit/d2102505-f03d-11d8-81b0-000347a4fa7d.htm l> Note: To disable this check add the uuid to `portaudit_fixed' in /usr/local/etc/portaudit.conf I have 2 related questions: 1)

In the thread "[Wine] New to Wine...and already in trouble..." there was a spam post by kizi that says it was "Sent from the Wine - Users mailing list archive at Nabble.com". Can people really send things to our list/forum from other sites/forums? It also seems odd that the reply directs a person to catch up on the thread by linking to Nabble instead of the Wine forum. It

Does anybody know how to access the domain of a cookie from inside rails? I am try to integrate phpbb forums into my site and one of the things phpbb does is store a cookie. The forums are at forums.domain.com and the site is www.domain.com so i needed to set the cookie domain in phpbb to just be ".domain.com" so both sites can access it. The trouble is when using cookies[] in rails,

Hi all, I can see huge traffic here over 400 post in 4 days. My proposal is to create asterisk newsgrup proposal or phpBB forum what do think about it ? BR, Corvin btw. I'm admin of phpBB Forum (slackware forum - polish language), nearly 900 users. I think if someone will prepare it good it can be great project. (but I have 7 person team).

Has anyone successfully integrated (embedded) vbulletin into a rails app? I would be curious to see if/how this worked. RForum still seems quite beta so I am looking for something a little more tried and true. thanks adam