ports/73144: [MAINTAINER] mail/bogofilter: SECURITY update to 0.92.8

Matthias Andree matthias.andree at gmx.de
Tue Oct 26 02:10:30 UTC 2004

>Number:         73144
>Category:       ports
>Synopsis:       [MAINTAINER] mail/bogofilter: SECURITY update to 0.92.8
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 26 02:10:29 GMT 2004
>Originator:     Matthias Andree
>Release:        FreeBSD 4.10-RELEASE-p3 i386
System: FreeBSD libertas.emma.line.org 4.10-RELEASE-p3 FreeBSD 4.10-RELEASE-p3 #7: Tue Sep 28 20:38:58 CEST 2004
- Update to 0.92.8

This update fixes among many other tiny bugs one security bug that allows a
remote attacker to cause a denial of service in bogofilter, by crashing it;
a malformatted (non-conformant) RFC-2047 encoded word triggers an attempt to
write a terminating NUL byte past the end of a buffer or (more commonly) into
the zero-page, which causes a segfault.

Depending on the exact MTA/MDA configuration on the receiving machine, this can
cause a denial of service of the mail system.

Please consider committing this on the RELENG_5_3 branch of the ports tree, too.

The original problem was reported against Debian Linux's package by
Antti-Juhani Kaijanaho, see http://bugs.debian.org/275373, and forwarded by
Clint Adams.

A vuxml.xml entry will be sent in a separate mail so it can contain this PR's
serial number.

Generated with FreeBSD Port Tools 0.63

--- bogofilter-0.92.8.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/mail/bogofilter/Makefile /root/ports/mail/bogofilter/Makefile
--- /usr/ports/mail/bogofilter/Makefile	Sun Oct 17 15:10:03 2004
+++ /root/ports/mail/bogofilter/Makefile	Tue Oct 26 03:03:30 2004
@@ -6,7 +6,7 @@
 PORTNAME=	bogofilter
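Review bot: the `@@ -6,7 +6,7 @@` hunk shows only the `PORTNAME` context line and no `-`/`+` pair, so the change it is supposed to carry cannot be checked and the patch will not apply as posted. The distinfo part switches to bogofilter-0.92.8.tar.bz2, so the Makefile's version setting has to change here to match. Please resend the patch with the complete hunk.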
@@ -88,7 +88,7 @@
 	doc/README.validation TODO \
 	doc/integrating-with-postfix doc/integrating-with-qmail \
-	doc/bogofilter-tuning.HOWTO.html doc/bogofilter-SA-2002-01 METHODS \
+	doc/bogofilter-tuning.HOWTO.html doc/bogofilter-SA-2002-01 \
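Review bot: on the `+` line of the `@@ -88,7 +88,7 @@` hunk, `METHODS` is dropped from the documentation file list, but the description only says "Update to 0.92.8". Please say in the commit message why the file is no longer installed, and check that the packing list does not still reference it.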
diff -ruN --exclude=CVS /usr/ports/mail/bogofilter/distinfo /root/ports/mail/bogofilter/distinfo
--- /usr/ports/mail/bogofilter/distinfo	Sun Oct 17 15:10:03 2004
+++ /root/ports/mail/bogofilter/distinfo	Tue Oct 26 02:59:06 2004
@@ -1,2 +1,2 @@
-MD5 (bogofilter-0.92.7.tar.bz2) = 6c247d060c23714e5a73d82586a16588
-SIZE (bogofilter-0.92.7.tar.bz2) = 630924
+MD5 (bogofilter-0.92.8.tar.bz2) = dac06b6afcab0e36d17b1604216dc9bf
+SIZE (bogofilter-0.92.8.tar.bz2) = 637420
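Review bot: the new `MD5 (bogofilter-0.92.8.tar.bz2)` line is the only integrity check for the tarball that delivers the security fix. Please state what the checksum was verified against (upstream's published value or signature), and record a stronger digest next to it if the ports framework in use accepts one.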
--- bogofilter-0.92.8.patch ends here ---
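
The failure mode described in the report, a terminating NUL written outside the buffer when an RFC-2047 encoded word is non-conformant, is avoided by validating the word's structure before decoding and by reserving the terminator's byte. The C code below is an added example, not bogofilter's code and not part of this PR; `decode_q_word` and `hexval` are hypothetical names, only the Q encoding is handled, and the sample words are constructed.

```c
#include <stdio.h>
#include <string.h>

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Hypothetical helper: decode "=?charset?Q?text?=" (len bytes) into out[outsz].
 * Returns the decoded length or -1; out is NUL-terminated in both cases. */
long decode_q_word(const char *w, size_t len, char *out, size_t outsz)
{
    if (out == NULL || outsz == 0) return -1;
    out[0] = '\0';
    if (w == NULL || len < 9 || len > 75) return -1;  /* RFC 2047: at most 75 chars */
    if (memcmp(w, "=?", 2) != 0 || memcmp(w + len - 2, "?=", 2) != 0) return -1;
    const char *end = w + len - 2;                    /* start of the closing "?=" */
    const char *q1 = memchr(w + 2, '?', (size_t)(end - (w + 2)));
    if (q1 == NULL || q1 == w + 2 || end - q1 < 4) return -1; /* charset, "?Q?", text */
    if ((q1[1] != 'Q' && q1[1] != 'q') || q1[2] != '?') return -1;
    size_t n = 0;
    for (const char *p = q1 + 3; p < end; ) {
        unsigned char c = (unsigned char)*p;
        if (c == '?' || c <= ' ' || c > '~') return -1;   /* not legal encoded-text */
        if (c == '=') {                                   /* "=XX" hex escape */
            int hi = hexval(p[1]), lo = hexval(p[2]);     /* at worst reads the closing "?=" */
            if (hi < 0 || lo < 0) return -1;
            c = (unsigned char)(hi * 16 + lo);
            p += 3;
        } else {
            if (c == '_') c = ' ';
            p++;
        }
        if (n + 1 >= outsz) return -1;                    /* keep one byte for the NUL */
        out[n++] = (char)c;
        out[n] = '\0';                                    /* always inside out[] */
    }
    return (long)n;
}

int main(void)
{
    char buf[32];
    const char *ok = "=?utf-8?Q?a=20b_c?=", *bad = "=?utf-8?Q?=";  /* constructed */
    printf("%ld\n", decode_q_word(ok, strlen(ok), buf, sizeof buf));
    printf("%ld\n", decode_q_word(bad, strlen(bad), buf, sizeof buf));
    return 0;
}
```

The second sample is a word whose closing `?=` overlaps the `?Q?` separator, so a decoder that computes the text length by subtraction without the `end - q1` check would get a negative length.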

