Date: Mon, 20 Nov 2000 17:38:59 -0800 (PST) From: joseph@randomnetworks.com To: FreeBSD-gnats-submit@freebsd.org Subject: ports/22999: UPDATE of net/ethereal (0.8.13 -> 0.8.14) (security fix also) Message-ID: <200011210138.eAL1cxE24495@rodan.water-programs.com>
next in thread | raw e-mail | index | archive | help
>Number: 22999 >Category: ports >Synopsis: UPDATE of net/ethereal (0.8.13 -> 0.8.14) (security fix also) >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Mon Nov 20 17:40:00 PST 2000 >Closed-Date: >Last-Modified: >Originator: Joseph Scott >Release: FreeBSD 4.2-BETA i386 >Organization: randomnetworks.com >Environment: ports collection >Description: There was a post on bugtraq describing a buffer overflow in ethereal 0.8.13. The port was then marked as FORBIDDEN. Since then ethereal 0.8.14 has been released, which fixes the buffer overflow, in addition to some new dissectors. From the ethereal web site : "An exploit for a buffer overrun in the AFS dissector was recently released on BugTraq. Ethereal 0.8.14 fixes this and other possibly-exploitable overruns. Also new in 0.8.14 are dissectors for WAP, SIP, AIM/OSCAR, 802.11, GIOP v1.2, and MGCP (plugin). Other dissectors were updated as well. Be sure to upgrade to 0.8.14 as soon as possible." For this reason I marked the pr as serious. >How-To-Repeat: >Fix: this diff was generated from /usr/ports, by : diff -ruN net/ethereal.orig net/ethereal ---------------------------------------------- diff -ruN net/ethereal.orig/Makefile net/ethereal/Makefile --- net/ethereal.orig/Makefile Mon Nov 20 17:32:26 2000 +++ net/ethereal/Makefile Mon Nov 20 17:32:43 2000 @@ -6,7 +6,7 @@ # PORTNAME= ethereal -PORTVERSION= 0.8.13 +PORTVERSION= 0.8.14 CATEGORIES= net ipv6 MASTER_SITES= ftp://ftp.ethereal.com/pub/ethereal/ \ ftp://gd.tuwien.ac.at/infosys/security/ethereal/ \ @@ -14,7 +14,6 @@ ftp://the.wiretapped.net/pub/security/packet-sniffing/ethereal/ MAINTAINER= billf@FreeBSD.org -FORBIDDEN= "Remotely exploitable buffer overflow; identical to Security Advisory 00:61" USE_X_PREFIX= yes USE_GTK= yes diff -ruN net/ethereal.orig/distinfo net/ethereal/distinfo --- net/ethereal.orig/distinfo Mon Nov 20 17:32:26 2000 +++ net/ethereal/distinfo Mon Nov 20 17:33:03 2000 @@ -1 +1 @@ -MD5 (ethereal-0.8.13.tar.gz) = 27c799d82573a4d88354938aba0c6325 +MD5 (ethereal-0.8.14.tar.gz) = 470dd018c417a4bd31f1fafdc57cfe06 >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200011210138.eAL1cxE24495>