mail/postfix-policyd-spf relies on vulnerable mail/libspf2-10
Doug Barton
dougb at FreeBSD.org
Sat Aug 27 21:05:26 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 08/27/2011 11:07, Uffe R. B. Andersen wrote:
> Den 26-08-2011 22:22, Doug Barton skrev:
>> Howdy,
>
>> Doing some port updates and noticed that mail/postfix-policyd-spf
>> relies on mail/libspf2-10, which according to
>> http://portaudit.FreeBSD.org/2ddbfd29-a455-11dd-a55e-00163e000016.html
>
>
> is vulnerable. There is a port of mail/libspf2 which is not vulnerable,
>> is it possible to update mail/postfix-policyd-spf to rely on it
>> instead?
>
> libspf2 port is currently libspf2-1.2.9_1 and according to the page
> you refer to, the vulnerability affects libspf2 <1.2.8.
Yes, that was my point. :) mail/libspf2-10 and mail/libspf2 are
different ports. mail/postfix-policyd-spf currently relies on the
former, it needs to be fixed to work with the latter instead.
Doug
- --
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (FreeBSD)
iQEcBAEBCAAGBQJOWVwUAAoJEFzGhvEaGryEQRUH/172rPtxYdWnCOotkqPZvYr3
3qRFYd6EqQWklnAZ50WB7TwyrIqHaIv9GdU3GR6wh0Hll+CbdUIqqghn4VkjPKZ1
0pIwD6kqkZmunNzXlfWB9MTscZGFrkSzDfhg69I8pZ5mbtCu3NPi00GSm2rTd+/h
IP2LeOz8NkkwVmxpP1ysX36W7E61pP56f4pyv3JUZQ09ZZbM3ipeabOxFEc8E3CL
Qf6kNHrJa2ZhNkaaJluQIBhbjXylJ98LGnqBHnhOi0CmIqsGDn64/ujqX+1cZfsb
AScG3n0KNMOJCEa9Q3yW3FGlCVcoTNm3tl/HZVSQHvSSCyRakisJcZlK5KMY9fs=
=Qms2
-----END PGP SIGNATURE-----
More information about the freebsd-ports
mailing list