ports/73144: [MAINTAINER] mail/bogofilter: SECURITY update to 0.92.8
Matthias Andree
matthias.andree at gmx.de
Tue Oct 26 02:10:30 UTC 2004
>Number: 73144
>Category: ports
>Synopsis: [MAINTAINER] mail/bogofilter: SECURITY update to 0.92.8
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Tue Oct 26 02:10:29 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Matthias Andree
>Release: FreeBSD 4.10-RELEASE-p3 i386
>Organization:
>Environment:
System: FreeBSD libertas.emma.line.org 4.10-RELEASE-p3 FreeBSD 4.10-RELEASE-p3 #7: Tue Sep 28 20:38:58 CEST 2004
>Description:
- Update to 0.92.8
This update fixes among many other tiny bugs one security bug that allows a
remote attacker to cause a denial of service in bogofilter, by crashing it;
a malformatted (non-conformant) RFC-2047 encoded word triggers an attempt to
write a terminating NUL byte past the end of a buffer or (more commonly) into
the zero-page, which causes a segfault.
Depending on the exact MTA/MDA configuration on the receiving machine, this can
cause a denial of service of the mail system.
Please consider committing this on the RELENG_5_3 branch of the ports tree, too.
The original problem was reported against Debian Linux's package by
Antti-Juhani Kaijanaho, see http://bugs.debian.org/275373, and forwarded by
Clint Adams.
A vuxml.xml entry will be sent in a separate mail so it can contain this PR's
serial number.
Generated with FreeBSD Port Tools 0.63
>How-To-Repeat:
>Fix:
--- bogofilter-0.92.8.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/mail/bogofilter/Makefile /root/ports/mail/bogofilter/Makefile
--- /usr/ports/mail/bogofilter/Makefile Sun Oct 17 15:10:03 2004
+++ /root/ports/mail/bogofilter/Makefile Tue Oct 26 03:03:30 2004
@@ -6,7 +6,7 @@
#
PORTNAME= bogofilter
-PORTVERSION= 0.92.7
+PORTVERSION= 0.92.8
PORTREVISION= 0
CATEGORIES?= mail
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
@@ -88,7 +88,7 @@
doc/README.validation TODO \
CHANGES-* RELEASE.NOTES-* \
doc/integrating-with-postfix doc/integrating-with-qmail \
- doc/bogofilter-tuning.HOWTO.html doc/bogofilter-SA-2002-01 METHODS \
+ doc/bogofilter-tuning.HOWTO.html doc/bogofilter-SA-2002-01 \
doc/README.tdb
${INSTALL_DATA} ${WRKSRC}/${i} ${DOCSDIR}
.endfor
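Review bot: The removal of METHODS from the documentation list, on the changed `doc/bogofilter-tuning.HOWTO.html doc/bogofilter-SA-2002-01` line, is not mentioned in the PR description, and this patch touches only Makefile and distinfo. Please state in the description that 0.92.8 no longer ships METHODS. If the port's packing list names that file, remove it there in the same commit so the install loop and the list stay in step.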
diff -ruN --exclude=CVS /usr/ports/mail/bogofilter/distinfo /root/ports/mail/bogofilter/distinfo
--- /usr/ports/mail/bogofilter/distinfo Sun Oct 17 15:10:03 2004
+++ /root/ports/mail/bogofilter/distinfo Tue Oct 26 02:59:06 2004
@@ -1,2 +1,2 @@
-MD5 (bogofilter-0.92.7.tar.bz2) = 6c247d060c23714e5a73d82586a16588
-SIZE (bogofilter-0.92.7.tar.bz2) = 630924
+MD5 (bogofilter-0.92.8.tar.bz2) = dac06b6afcab0e36d17b1604216dc9bf
+SIZE (bogofilter-0.92.8.tar.bz2) = 637420
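Review bot: The new distinfo entries give only an MD5 digest and SIZE for bogofilter-0.92.8.tar.bz2, so for this security update the integrity of the fetched tarball rests on MD5 alone. MD5 is not collision resistant. Where the ports framework accepts a stronger digest line, add one next to the MD5 line, and have the committer confirm the digest against the upstream release before committing.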
--- bogofilter-0.92.8.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
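
The description above names the bug class: a non-conformant RFC 2047 encoded word leads to a terminating NUL written outside the buffer. As an added illustration (not bogofilter's code and not part of the original PR; the page does not show the defective routine), here is a strict decoder for the "Q" form that rejects malformed words and only ever writes the NUL inside the caller's buffer. The function name and the sample words are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

/* Value of a hex digit, or -1 if c is not one. */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* decode_q_word (hypothetical name): decode one RFC 2047 "Q" encoded word,
 * "=?charset?Q?text?=", into out[0..outsz-1].
 * Returns the decoded length, or -1 if the word is non-conformant or does
 * not fit. The terminating NUL is written only on success and only inside
 * the buffer the caller described. */
long decode_q_word(const char *w, char *out, size_t outsz) {
    size_t n, o = 0;
    const char *end, *q1, *p;

    if (w == NULL || out == NULL || outsz == 0) return -1;
    n = strlen(w);
    if (n < 9 || n > 75) return -1;          /* RFC 2047 length limit is 75 */
    if (w[0] != '=' || w[1] != '?' || w[n - 2] != '?' || w[n - 1] != '=')
        return -1;                           /* missing "=?" or "?=" delimiter */
    end = w + n - 2;                         /* the '?' of the closing "?=" */
    q1 = memchr(w + 2, '?', n - 4);          /* '?' that ends the charset */
    if (q1 == NULL || q1 == w + 2) return -1;
    if ((q1[1] != 'Q' && q1[1] != 'q') || q1[2] != '?' || q1 + 3 >= end)
        return -1;                           /* bad encoding field or empty text */
    for (p = q1 + 3; p < end; p++) {
        int c = (unsigned char)*p;
        if (c < 33 || c > 126 || c == '?') return -1;
        if (c == '_') {
            c = ' ';
        } else if (c == '=') {
            if (end - p < 3) return -1;      /* "=X" cut off by the closing "?=" */
            int hi = hexval((unsigned char)p[1]), lo = hexval((unsigned char)p[2]);
            if (hi < 0 || lo < 0) return -1;
            c = hi * 16 + lo;
            p += 2;
        }
        if (c == 0) return -1;               /* would truncate the C string */
        if (o + 1 >= outsz) return -1;       /* keep one byte free for the NUL */
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return (long)o;
}
```

A caller that gets -1 should treat the header text as literal rather than decoded, so a malformed word costs nothing more than an undecoded token.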