Nope...in the makefile, it looks like he grabs a snapshot and puts it on an approved server. I let him know that a fixed version is up on the *real* CVS. Now that he knows, we'll probably see a pretty quick fix. Many of the ports do point to the proper CVS, so I don't see why this would differ.
You *may* want to send him a little note of encouragement to that effect. Developer carries a lot more weight than general user flunky. sp > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of > Alan DeKok > Sent: Tuesday, February 19, 2002 12:43 PM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: Re: FreeRadius Security hole > > > "Scott Pell" <[EMAIL PROTECTED]> wrote: > ... > > I just noticed something else: > > > > Trying update and install this port...getting the following: ===> > > > freeradius-devel-20010310 is forbidden: Remotely > exploitable buffer > > Does FreeBSD *really* include the March, 2001 version > snapshot of the server? > > If so, why? That is NOT from an official release, it > appears to be from a CVS snapshot! > > If FreeBSD is including a CVS snapshot of FreeRADIUS in > their 'ports' section, then they SHOULD NOT include a version > that's nearly a year old. They should upgrade it to the > latest snapshot, which has been fixed for almost 3 months now. > > We will have an official release soon which "officially" > fixes the problem. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > --- > Incoming mail > is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.324 / Virus Database: 181 - Release Date: 2/14/2002 > > --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.324 / Virus Database: 181 - Release Date: 2/14/2002 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html