Re: exmh security bugfix!

From: Bruce A. Mah (bmah@FreeBSD.org)
Date: 01/16/01


To: Lars Köller <Lars.Koeller@uni-bielefeld.de>
From: bmah@FreeBSD.org (Bruce A. Mah)
Date: Tue, 16 Jan 2001 05:38:48 -0800


If memory serves me right, Lars =?iso-8859-1?Q?K=F6ller?= wrote:

> As the maintainer for exmh2 on the FreeBSD ports collection I would =
> inform you about an security issue just mentioned on BUGTRAQ (see =
> attached Mail).

Hi Lars--

Thanks for the note. We (the exmh developers) have been working on a
fix; a new version (which will be called exmh-2.3) will be released
probably today. I'll be updating the port as soon as this happens. If
there isn't something put up by late today, I'll fix the port with a
patch from exmh's CVS repository.

More information is at:

http://www.beedub.com/exmh/symlink.html

<soapbox>
It would have been really nice if the person who originally reported
this bug to BUGTRAQ had bothered to contact *any* of the exmh developers
before posting to said list. Apparently, nowadays, saying "I'M 3L33T
CUZ I F0UND A H0LE 1ST" is more important than giving developers a
chance to actually fix problems in their software.
</soapbox>

Cheers,

Bruce.

PS. Yes, I should have put the patch into the port sooner. I had
thought we would have cut a new exmh release earlier, which would have
made this a moot point. One way or another FreeBSD will see the fix
today.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message