[jadmin] FreeBSD Ports and jabberd14 (WAS Jabberd and ICQ
transport)
Renato Botelho
rbgarga at gmail.com
Wed Aug 30 10:03:45 CDT 2006
On 8/30/06, Paul Cahill <PaulC at car-part.com> wrote:
> Just out of curiosity, why is the FreeBSD group removing jabberd14? Do
> they not know that Jabbderd14 and Jabberd2 are two totally different
> servers and projects?
===> jabber-1.4.3.1,1 has known vulnerabilities:
=> fd_set -- bitmap index overflow in multiple applications.
Reference: <http://www.FreeBSD.org/ports/portaudit/4c005a5e-2541-4d95-80a0-00c76919aa66.html>
This port is listed on VuXML about this vulnerability since
2004-12-12, and until now, we cannot find a fix for it.
1.4.4 version has no fix for it too, so, some committers decided to
mark it as DEPRECATED, announce and wait some time for a fix.
This fix didn't come and if it doesn't come in near future, port will
be removed. If a fix come in future, port can be safely re-added.
Regards
--
Renato Botelho
More information about the JAdmin
mailing list