From owner-freebsd-ports-bugs@FreeBSD.ORG Fri Aug 10 17:30:02 2007
Message-Id: <20070810170828.4E96D244CCF@leaf.mobile.tateoka.org>
Date: Sat, 11 Aug 2007 02:08:28 +0900 (JST)
From: Takamichi Tateoka
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: tate@tateoka.org
Reply-To: Takamichi Tateoka
X-Send-Pr-Version: 3.113
Subject: ports/115387: ports/lha-ac is affected CVE-2006-4335 and CVE-2006-4337.
List-Id: Ports bug reports

>Number: 115387
>Category: ports
>Synopsis: ports/lha-ac is affected CVE-2006-4335 and CVE-2006-4337.
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Aug 10 17:30:01 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Takamichi Tateoka
>Release: FreeBSD 6.2-RELEASE-p7 i386
>Organization: private
>Environment:
System: FreeBSD leaf.mobile.tateoka.org 6.2-RELEASE-p7 FreeBSD 6.2-RELEASE-p7 #3: Thu Aug 2 11:28:17 JST 2007 tate@leaf.mobile.tateoka.org:/usr/src/sys/i386/compile/GENERIC i386

ports/lha-ac (lha-ac-1.14i_8)
>Description:
lha-ac-1.14i_8 uses the lha-1.14i-ac20050924 distribution.
However, it has the security problems described in CVE-2006-4335 and
CVE-2006-4337. It should use lha-1.14i-ac20050924p1, which
fixed the problems.

You can see the lha-1.14i-ac20050924 branch changelog at the following URL:
http://cvs.sourceforge.jp/cgi-bin/viewcvs.cgi/lha/lha/src/maketbl.c?only_with_tag=ac-20050924-branch
>How-To-Repeat:
>Fix:
Update to lha-1.14i-ac20050924p1.
>Release-Note:
>Audit-Trail:
>Unformatted: