Date: Sun, 2 Sep 2007 14:10:27 +0200 (CEST)
From: Matthias Andree <matthias.andree@gmx.de>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: barner@FreeBSD.org
Subject: ports/116011: [PATCH] mail/fetchmail: fix CVE-2007-4565 Denial of Service
Message-ID: <20070902121027.5BAED5C28@rho.emma.line.org>
Resent-Message-ID: <200709021220.l82CK13Z089581@freefall.freebsd.org>
>Number: 116011 >Category: ports >Synopsis: [PATCH] mail/fetchmail: fix CVE-2007-4565 Denial of Service >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sun Sep 02 12:20:01 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Matthias Andree >Release: FreeBSD 6.2-RELEASE-p7 i386 >Organization: >Environment: System: FreeBSD rho.emma.line.org 6.2-RELEASE-p7 FreeBSD 6.2-RELEASE-p7 #1: Fri Aug 31 14:58:52 CEST 2007 >Description: Add a patch to fix a denial of service vulnerability. Corresponding VuXML update has been submitted separately, "Subject: [PATCH] security/vuxml: add CVE-2007-4565 (fetchmail DoS)" (PR# not yet assigned by GNATS) This is the official patch from http://www.fetchmail.info/fetchmail-SA-2007-02.txt Added file(s): - files/patch-CVE-2007-4565 Port maintainer (barner@FreeBSD.org) is cc'd. Generated with FreeBSD Port Tools 0.77 >How-To-Repeat: >Fix: --- fetchmail-6.3.8_4.patch begins here --- diff -ruN --exclude=CVS /usr/ports/mail/fetchmail/Makefile /usr/home/emma/ports/mail/fetchmail/Makefile --- /usr/ports/mail/fetchmail/Makefile Mon Aug 13 16:31:54 2007 +++ /usr/home/emma/ports/mail/fetchmail/Makefile Sun Sep 2 13:20:51 2007 @@ -11,7 +11,7 @@ PORTNAME= fetchmail PORTVERSION= 6.3.8 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= mail ipv6 MASTER_SITES= ${MASTER_SITE_BERLIOS} \ ${MASTER_SITE_SUNSITE:S/$/:sunsite/}\ diff -ruN --exclude=CVS /usr/ports/mail/fetchmail/files/patch-CVE-2007-4565 /usr/home/emma/ports/mail/fetchmail/files/patch-CVE-2007-4565 --- /usr/ports/mail/fetchmail/files/patch-CVE-2007-4565 Thu Jan 1 01:00:00 1970 +++ /usr/home/emma/ports/mail/fetchmail/files/patch-CVE-2007-4565 Sun Sep 2 13:19:35 2007 
@@ -0,0 +1,11 @@ +--- sink.c (revision 5118) ++++ sink.c (revision 5119) +@@ -262,7 +262,7 @@ + const char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@"; + + /* don't bounce in reply to undeliverable bounces */ +- if (!msg->return_path[0] || ++ if (!msg || !msg->return_path[0] || + strcmp(msg->return_path, "<>") == 0 || + strcasecmp(msg->return_path, md1) == 0 || + strncasecmp(msg->return_path, md2, strlen(md2)) == 0) --- fetchmail-6.3.8_4.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
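Review bot: In the sink.c hunk carried by files/patch-CVE-2007-4565, the comment above the changed condition still reads "don't bounce in reply to undeliverable bounces", but the added `!msg ||` term makes the branch also cover a NULL msg, which is a different case from an empty or "<>" return path; extend the comment to say that a missing message context is treated as "do not bounce". The body of the if and the lines before the condition are outside the visible context, so it is worth confirming that the branch leaves the function before any later msg->return_path use and that nothing earlier in the function dereferences msg, since the new guard protects only this condition. A one-line header in the patch file pointing at fetchmail-SA-2007-02 would also help later maintainers tie the file to the advisory once the port moves past 6.3.8.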