ports/160218: security/stunnel is vulnerable to CVE-2011-2940
Xin LI
delphij at delphij.net
Fri Aug 26 18:17:58 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Here is a patch (tested with basic tinderboxing). This seems to be a
DoS but no remote privilege escalation.
Cheers,
- --
Xin LI <delphij at delphij.net> https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (FreeBSD)
iQEcBAEBCAAGBQJOV+NUAAoJEATO+BI/yjfBJZAH/jGDuaBRoSIo2P4Ja7/E2Hj2
Ja54pMF9gwedGovIWF5PkdE4wL37AJkh632w7NUJtT08ensyousJqY2PSf9ZoEJe
Dc7M2qqJt337gWN0bMdPOtdtmBzES6kPWIuBkatd7UY8xq4tZUpqWOF0iCPREC4a
7ADhf8PYyloBaYtVy3Ulfh12XBmxAU9PpoeMrxgtkuxR6ge4HbsL08NeBcCiLn+s
IEaRnHlul+PTBcqc3JrC3yqtm8beI9lO6Us74fkf+/zUOw7NRJzdNcP9gHuP6fIF
5MCtoN87d+R4TygYjAgbDH8smC349vBDHTkVdTZXbqTabOiiRndjf104Cqld3x8=
=ueFt
-----END PGP SIGNATURE-----
-------------- next part --------------
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/security/stunnel/Makefile,v
retrieving revision 1.103
diff -u -p -r1.103 Makefile
--- Makefile 1 Aug 2011 14:47:43 -0000 1.103
+++ Makefile 26 Aug 2011 18:13:37 -0000
@@ -6,7 +6,7 @@
#
PORTNAME= stunnel
-PORTVERSION= 4.41
+PORTVERSION= 4.42
CATEGORIES= security
MASTER_SITES= ftp://ftp.stunnel.org/stunnel/%SUBDIR%/ \
http://mirrors.zerg.biz/stunnel/%SUBDIR%/ \
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/security/stunnel/distinfo,v
retrieving revision 1.58
diff -u -p -r1.58 distinfo
--- distinfo 1 Aug 2011 14:47:43 -0000 1.58
+++ distinfo 26 Aug 2011 18:13:48 -0000
@@ -1,2 +1,2 @@
-SHA256 (stunnel-4.41.tar.gz) = 08e0e7df42bfb8b8551eb6c4b5b50eae6051aaf75077101d729e67c7a3a00c72
-SIZE (stunnel-4.41.tar.gz) = 557467
+SHA256 (stunnel-4.42.tar.gz) = d33c407bfc4f58070e818081bd082c38f91cab7691ccbb794da63143c535de3b
+SIZE (stunnel-4.42.tar.gz) = 558391
More information about the freebsd-bugs
mailing list