

Only two remote holes in the default install, in more than 10 years - gopher
http://301.sickos.org/f1c1aa86

======
there
oh no, a lame xss bug in a 3rd party cgi script that runs on a solaris web
server hosting a website that uses no cookies. surely this is big news!

------
shadytrees
You have achieved the difficult task of making CVS less usable.

------
dguido
This was posted on full-disclosure August 6th.

<http://seclists.org/fulldisclosure/2008/Aug/0074.html>

------
gstar
I cant decide if that's classy or cheeky.

But regardless, I dont know if a bug in cvsweb counts as openbsd - does it?

~~~
silentbicycle
Not when cvsweb is running on Solaris.

~~~
garrydanger
why run solaris at all when there is only 2 remote holes in the default
install of openbsd?

~~~
silentbicycle
Probably because when somebody donates tons of space and bandwidth to you,
it's rude to argue with them over their choice of OS.

<http://openbsd.org/faq/faq8.html#wwwsolaris>

------
stassats
Is that a hole? Is that a default install?

~~~
gopher
A security hole? Indeed. In the default install? No, but anyways, those are
the security guys and I feel this was funny:-)

~~~
silentbicycle
Not on OpenBSD at all. That's Solaris.
(<http://openbsd.org/faq/faq8.html#wwwsolaris>)

------
tptacek
OH NOEZ! U G0TZ MY CVSWEB COOKEEZ!

