Re: Found security expliot in port phpBB 2.0.8 FreeBSD4.10
--C7zPtVaVf+AK4Oqc
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, Dec 29, 2004 at 07:32:26PM +0000, Josef El-Rayes wrote:
> "Peter C. Lai" <sirmoo@cowbert.net>:
> > On Mon, Dec 27, 2004 at 06:18:30PM -0800, Julian Elischer wrote:
> > > might be a good idea if we "urged" users to update their phpbb a bit=
=20
> > > more vocally.
> >=20
> > Or if someone had been vigilant enough to add a vuxml entry about it ba=
ck
> > in November. Waiting >30 days to update the database that portaudit uses
> > is a bit longish, don't you think? The "urging" to which you refer is
> > already one of the services provided by portaudit.
>=20
> first of all, if you run a machine you care about, you should think
> twice before installing a software which has a bad security track
> as phpBB has. secondly, most of the time we do not know security
> issue any earlier then they get posted to bugtraq or similiar
> mailinglists, so why dont you track these lists yourself?
I always have a headache with the phpBB installation for the FreeBSD
China Community. I personally subscribe to phpBB's CVS commit message
and patch immediately when they have committed something "interesting".
I would admit that it's a bit late for the vuxml chunk to catch up with
this. However, it's a good idea to catch up with every phpbb updates,
as almost every updates is related to security issues during the last
year[1]...
[1] http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/phpbb/Makefile
Cheers,
--=20
Xin LI <delphij frontfree net> http://www.delphij.net/
See complete headers for GPG key and other information.
--C7zPtVaVf+AK4Oqc
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)
iD8DBQFB1Ao0/cVsHxFZiIoRAo9KAJ4l/jz+aZed5rllIYwBOs0rnjfIoACdHn8X
igey0AML7HacItJjITguHGo=
=6yAE
-----END PGP SIGNATURE-----
--C7zPtVaVf+AK4Oqc--
討論串 (同標題文章)
完整討論串 (本文為第 16 之 18 篇):