[Bug 202262] sysutils/froxlor: database password information leak (CVE-2015-5959)
bugzilla-noreply at freebsd.org
Wed Aug 12 02:25:10 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202262
--- Comment #1 from Jason Unovitch <junovitch at freebsd.org> ---
Looking at this:
https://forum.froxlor.org/index.php/topic/13054-important-bugfix-release-09332/
And a small quote for this...
>> Actually, this fix is missing the removal of the compromised logfiles; otherwise it fixes future logging of passwords, but not the access to the logfile that has been compromised.
> Sorry, as I was pushed to do a release it just got lost in the hurry... Removing all .log files from the directory should do the job; alternatively, just use the class.ConfigIO.php from GitHub (https://github.com/F...ss.ConfigIO.php)
I believe we should factor into our VuXML or pkg-message that old logs may
still contain their database password. I intend to research that a bit closer
and provide a recommendation.
More information about the freebsd-ports-bugs mailing list