Date: Sat, 11 Aug 2007 02:08:28 +0900 (JST)
From: Takamichi Tateoka <tate@tateoka.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: tate@tateoka.org
Subject: ports/115387: ports/lha-ac is affected CVE-2006-4335 and CVE-2006-4337.
Message-ID: <20070810170828.4E96D244CCF@leaf.mobile.tateoka.org>
Resent-Message-ID: <200708101730.l7AHU1CD023990@freefall.freebsd.org>

>Number:         115387
>Category:       ports
>Synopsis:       ports/lha-ac is affected CVE-2006-4335 and CVE-2006-4337.
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Aug 10 17:30:01 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Takamichi Tateoka
>Release:        FreeBSD 6.2-RELEASE-p7 i386
>Organization:
private
>Environment:
System: FreeBSD leaf.mobile.tateoka.org 6.2-RELEASE-p7 FreeBSD 6.2-RELEASE-p7 #3: Thu Aug 2 11:28:17 JST 2007 tate@leaf.mobile.tateoka.org:/usr/src/sys/i386/compile/GENERIC i386

ports/lha-ac (lha-ac-1.14i_8)

>Description:
lha-ac-1.14i_8 uses the lha-1.14i-ac20050924 distribution.
However, it has the security problems described in CVE-2006-4335 and CVE-2006-4337.
It should use lha-1.14i-ac20050924p1, which fixed the problems.

You can see the lha-1.14i-ac20050924 branch changelog at the following URL:
http://cvs.sourceforge.jp/cgi-bin/viewcvs.cgi/lha/lha/src/maketbl.c?only_with_tag=ac-20050924-branch

>How-To-Repeat:
>Fix:
Update to lha-1.14i-ac20050924p1.
>Release-Note:
>Audit-Trail:
>Unformatted: