Date:      Tue, 26 Oct 2004 04:09:17 +0200
From:      Matthias Andree <matthias.andree@gmx.de>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        portmgr@FreeBSD.org
Subject:    ports/73144: [MAINTAINER] mail/bogofilter: SECURITY update to 0.92.8
Message-ID:  <E1CMGlx-0008US-Qr@libertas.emma.line.org>
Resent-Message-ID: <200410260210.i9Q2ATgV022926@freefall.freebsd.org>


>Number:         73144
>Category:       ports
>Synopsis:       [MAINTAINER] mail/bogofilter: SECURITY update to 0.92.8
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 26 02:10:29 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Matthias Andree
>Release:        FreeBSD 4.10-RELEASE-p3 i386
>Organization:
>Environment:
System: FreeBSD libertas.emma.line.org 4.10-RELEASE-p3 FreeBSD 4.10-RELEASE-p3 #7: Tue Sep 28 20:38:58 CEST 2004
>Description:
- Update to 0.92.8

This update fixes among many other tiny bugs one security bug that allows a
remote attacker to cause a denial of service in bogofilter, by crashing it;
a malformatted (non-conformant) RFC-2047 encoded word triggers an attempt to
write a terminating NUL byte past the end of a buffer or (more commonly) into
the zero-page, which causes a segfault.

Depending on the exact MTA/MDA configuration on the receiving machine, this can
cause a denial of service of the mail system.

Please consider committing this on the RELENG_5_3 branch of the ports tree, too.

The original problem was reported against Debian Linux's package by
Antti-Juhani Kaijanaho, see http://bugs.debian.org/275373, and forwarded by
Clint Adams.

A vuxml.xml entry will be sent in a separate mail so it can contain this PR's
serial number.

Generated with FreeBSD Port Tools 0.63
>How-To-Repeat:
>Fix:

--- bogofilter-0.92.8.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/mail/bogofilter/Makefile /root/ports/mail/bogofilter/Makefile
--- /usr/ports/mail/bogofilter/Makefile	Sun Oct 17 15:10:03 2004
+++ /root/ports/mail/bogofilter/Makefile	Tue Oct 26 03:03:30 2004
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	bogofilter
-PORTVERSION=	0.92.7
+PORTVERSION=	0.92.8
 PORTREVISION=	0
 CATEGORIES?=	mail
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
@@ -88,7 +88,7 @@
 	doc/README.validation TODO \
 	CHANGES-* RELEASE.NOTES-* \
 	doc/integrating-with-postfix doc/integrating-with-qmail \
-	doc/bogofilter-tuning.HOWTO.html doc/bogofilter-SA-2002-01 METHODS \
+	doc/bogofilter-tuning.HOWTO.html doc/bogofilter-SA-2002-01 \
 	doc/README.tdb
 	  ${INSTALL_DATA} ${WRKSRC}/${i} ${DOCSDIR}
 .endfor
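Review bot: The removal of METHODS from the documentation install list in this Makefile hunk is not explained in the description, which lists only "Update to 0.92.8". Please state the reason in the PR (for example, that the file is no longer part of the 0.92.8 distribution) and check whether the port's packing list still names METHODS; this patch touches only Makefile and distinfo, so a stale entry there would need the same removal.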
diff -ruN --exclude=CVS /usr/ports/mail/bogofilter/distinfo /root/ports/mail/bogofilter/distinfo
--- /usr/ports/mail/bogofilter/distinfo	Sun Oct 17 15:10:03 2004
+++ /root/ports/mail/bogofilter/distinfo	Tue Oct 26 02:59:06 2004
@@ -1,2 +1,2 @@
-MD5 (bogofilter-0.92.7.tar.bz2) = 6c247d060c23714e5a73d82586a16588
-SIZE (bogofilter-0.92.7.tar.bz2) = 630924
+MD5 (bogofilter-0.92.8.tar.bz2) = dac06b6afcab0e36d17b1604216dc9bf
+SIZE (bogofilter-0.92.8.tar.bz2) = 637420
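Review bot: The new distinfo record authenticates bogofilter-0.92.8.tar.bz2 with an MD5 digest and SIZE only. MD5 is not collision resistant, so for a security update the committer should confirm the digest against the upstream release announcement before committing, and add a stronger digest line next to the MD5 line if the ports framework in use accepts one.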
--- bogofilter-0.92.8.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:
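
The failure described in the report (a non-conformant RFC-2047 encoded word leading to a terminating NUL written outside the buffer) is avoided by validating the word before decoding and reserving room for the NUL. The following is an added example, not code from bogofilter or from this PR; the function name decode_q_word is hypothetical, and the example is narrowed to the Q encoding.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Value of a hex digit, or -1 if ch is not one. */
static int hexval(char ch) {
    int c = toupper((unsigned char)ch);
    if (c >= '0' && c <= '9') return c - '0';
    return (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
}

/* Decode one RFC 2047 Q-encoded word "=?charset?Q?text?=" into out.
 * Returns the decoded length, or -1 if the word is non-conformant or the
 * result plus its terminating NUL does not fit in outsz bytes. */
long decode_q_word(const char *w, char *out, size_t outsz) {
    size_t len = strlen(w), n = 0;
    if (!out || outsz == 0 || len < 9 || len > 75) return -1; /* 75: RFC limit */
    if (strncmp(w, "=?", 2) != 0 || strcmp(w + len - 2, "?=") != 0) return -1;
    const char *cs = w + 2, *q1 = strchr(cs, '?');  /* charset token */
    if (q1 == NULL || q1 == cs) return -1;
    for (const char *c = cs; c < q1; c++)
        if ((unsigned char)*c <= ' ' || (unsigned char)*c >= 127) return -1;
    if ((q1[1] != 'Q' && q1[1] != 'q') || q1[2] != '?') return -1;
    const char *p = q1 + 3, *end = w + len - 2;     /* encoded-text span */
    if (p >= end) return -1;                        /* empty or overlapping */
    for (; p < end; p++) {
        unsigned char c = (unsigned char)*p;
        if (c == '?' || c <= ' ' || c >= 127) return -1;
        if (c == '_') c = ' ';
        else if (c == '=') {
            if (end - p < 3) return -1;             /* truncated =XX escape */
            int hi = hexval(p[1]), lo = hexval(p[2]);
            if (hi < 0 || lo < 0) return -1;
            c = (unsigned char)(hi * 16 + lo);
            p += 2;
        }
        if (n + 1 >= outsz) return -1;              /* keep room for the NUL */
        out[n++] = (char)c;
    }
    out[n] = '\0';                                  /* always inside out[] */
    return (long)n;
}

int main(void) {
    char buf[32];                                   /* constructed sample word */
    long n = decode_q_word("=?ISO-8859-1?Q?Keld_J=F8rn?=", buf, sizeof buf);
    printf("decoded %ld bytes\n", n);
    return n == 9 ? 0 : 1;
}
```

A caller that gets -1 should pass the header text through undecoded rather than abort, so one malformed message cannot stop mail processing.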


