Bug 86833

Summary: maintainer-update: ftp/weex - fixing a remote format string bug
Product: Ports & Packages Reporter: Emanuel Haupt <ehaupt>
Component: Individual Port(s)Assignee: Jean-Yves Lefort <jylefort>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
weex.patch none

Description Emanuel Haupt 2005-10-02 15:50:13 UTC 
ftp/weex suffers from a remote format string security bug.

Someone who controls an FTP server that weex will log in to can
set up malicious data in the account that weex will use, and that
will cause a format string bug that will allow remote code
execution. It will only happen when weex is first run or when its
cache files are rebuilt with the -r option, though.

This behaviour is verified in versions 2.6.1 and 2.6.1.5

Fix: See: http://critical.ch/weex.log
Comment 1 Jean-Yves Lefort freebsd_committer freebsd_triage 2005-10-02 16:45:22 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->jylefort

Take.
Comment 2 Jean-Yves Lefort freebsd_committer freebsd_triage 2005-10-02 16:59:02 UTC 
State Changed
From-To: open->closed

Committed, thanks!