Quoting http://sourceforge.net/forum/forum.php?forum_id=967583 Due to double input checking, a remote command execution security bug exists in all NfSen versions 1.3 and 1.3.1. Users are requested to update to nfsen-1.3.2. Fix: Upgrade to nfsen-1.3.2
Maintainer of net-mgmt/nfsen, Please note that PR ports/136070 has just been submitted. If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it. The full text of the PR can be found at: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/136070 -- Edwin Groothuis via the GNATS Auto Assign Tool edwin@FreeBSD.org
State Changed From-To: open->feedback Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Hi, please find attached patch file to mark ports/net-mgmt/nfsen as FORBIDDEN. Kind regards Bjoern -- Bjoern Engels OpenIT GmbH engels@openit.de In der Steele 33a-41 PGP keyID 1024D/895F13C3 D-40599 Duesseldorf ________________________________________________________________________ HRB 38815 Amtsgericht Duesseldorf USt-Id DE 812951861 Geschaeftsfuehrer: Oliver Haakert, Maurice Kemmann
Responsible Changed From-To: freebsd-ports-bugs->wxs I'll take it.
wxs 2009-07-03 01:35:18 UTC FreeBSD ports repository Modified files: security/vuxml vuln.xml Log: - Document remote command execution in net-mgmt/nfsen PR: ports/136070 Submitted by: Bjoern Engels <engels@openit.de> Revision Changes Path 1.1978 +28 -1 ports/security/vuxml/vuln.xml _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
wxs 2009-07-03 01:36:09 UTC FreeBSD ports repository Modified files: net-mgmt/nfsen Makefile Log: - Mark FORBIDDEN due to security vulnerability. PR: ports/136070 Submitted by: Bjoern Engels <engels@openit.de> Security: 70372cda-6771-11de-883a-00e0815b8da8 Revision Changes Path 1.13 +2 -0 ports/net-mgmt/nfsen/Makefile _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
State Changed From-To: feedback->analyzed I've marked the port as forbidden but will be leaving this PR in analyzed state in the hopes that the maintainer will produce a patch to update to 1.3.2 (the fixed version).
Dear FreeBSD commiters, Here I send the patch for upgrade net-mgmt/nfsen to 1.3.2. Janos Mohacsi Network Engineer, Research Associate, Head of Network Planning and Projects NIIF/HUNGARNET, HUNGARY Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882 On Fri, 26 Jun 2009, Edwin Groothuis wrote: > Maintainer of net-mgmt/nfsen, > > Please note that PR ports/136070 has just been submitted. > > If it contains a patch for an upgrade, an enhancement or a bug fix > you agree on, reply to this email stating that you approve the patch > and a committer will take care of it. > > The full text of the PR can be found at: > http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/136070 > > -- > Edwin Groothuis via the GNATS Auto Assign Tool > edwin@FreeBSD.org >
On Wed, Jul 08, 2009 at 12:35:40AM +0200, Mohacsi Janos wrote: > Dear FreeBSD commiters, > Here I send the patch for upgrade net-mgmt/nfsen to 1.3.2. > > Janos Mohacsi > Network Engineer, Research Associate, Head of Network Planning and Projects > NIIF/HUNGARNET, HUNGARY > Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882 Thanks, I'll commit this change in a day or so. I noticed you're sending this mail from a new address. Would you like me to update your ports to use this address? -- WXS
On Wed, 8 Jul 2009, Wesley Shields wrote: > On Wed, Jul 08, 2009 at 12:35:40AM +0200, Mohacsi Janos wrote: >> Dear FreeBSD commiters, >> Here I send the patch for upgrade net-mgmt/nfsen to 1.3.2. >> >> Janos Mohacsi >> Network Engineer, Research Associate, Head of Network Planning and Projects >> NIIF/HUNGARNET, HUNGARY >> Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882 > > Thanks, I'll commit this change in a day or so. > > I noticed you're sending this mail from a new address. Would you like me > to update your ports to use this address? > Please do not update the e-mail address. I use the janos.mohacsi@bsd.hu alias for *BSD related activities. This is forwarded to my current e-mail address. Best Regards, Janos Mohacsi
State Changed From-To: analyzed->closed Committed. Thanks!