Date: Wed, 7 Nov 2007 00:24:55 +0100 (CET) From: Mats Dufberg <mats@dufberg.se> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/117882: mail/prayer needs update Message-ID: <20071106232455.C7B7F11503@kafka.narnia.pp.se> Resent-Message-ID: <200711070010.lA70A2r0073125@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 117882 >Category: ports >Synopsis: mail/prayer needs update >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Wed Nov 07 00:10:01 UTC 2007 >Closed-Date: >Last-Modified: >Originator: Mats Dufberg >Release: FreeBSD 5.5-RELEASE-p16 i386 >Organization: private >Environment: System: FreeBSD kafka.narnia.pp.se 5.5-RELEASE-p16 FreeBSD 5.5-RELEASE-p16 #7: Sat Oct 6 23:00:42 CEST 2007 dufberg@kafka.narnia.pp.se:/usr/obj/usr/src/sys/KAFKA i386 >Description: The current version of mail/prayer is based on prayer 1.0.16. According to the Prayer web site the latest version (1.0.18) contains important security fixes. >From documentation in 1.0.18 source: 04/09/2006 ========== Release: Prayer 1.0.18 Important Security fix: os_connect_unix() had a strcpy() which should have been strncpy() to prevent buffer overrun. Prayer 1.0.17 was mostly safe. By 28/06/2006 ============= Release: Prayer 1.0.17 Fix small foulup wuth gethostbyname() calculations when binding Prayer to specific interfaces. Cleanups to stop char vs unsigned char warnings with latest c-client. Make sure that all internal draft messages consistently use CRLF. Security audit for Prayer frontend following attack: Optional Chroot environment (See chroot options in config file). Stripped out debugging code. >How-To-Repeat: >Fix: Upgrade to 1.0.18. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071106232455.C7B7F11503>