ports/138415: [MAINTAINER] dns/dnsmasq: SECURITY update to 2.50

Matthias Andree matthias.andree at gmx.de
Mon Aug 31 19:00:13 UTC 2009 

>Number:         138415
>Category:       ports
>Synopsis:       [MAINTAINER] dns/dnsmasq: SECURITY update to 2.50
>Confidential:   no
>Severity:       critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 31 19:00:13 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Matthias Andree
>Release:        FreeBSD 7.2-RELEASE-p2 i386
>Organization:
>Environment:
System: FreeBSD rho.emma.line.org 7.2-RELEASE-p2 FreeBSD 7.2-RELEASE-p2 #0: Wed Jun 24 00:57:44 UTC 2009
>Description:
- Update to 2.50, complete changelog:
            Fix security problem which allowed any host permitted to
            do TFTP to possibly compromise dnsmasq by remote buffer
            overflow when TFTP enabled. Thanks to Core Security
            Technologies and Iván Arce, Pablo Hernán Jorge, Alejandro
            Pablo Rodriguez, Martín Coco, Alberto Soliño Testa and
            Pablo Annetta. This problem has Bugtraq id: 36121
            and CVE: 2009-2957
 
            Fix a problem which allowed a malicious TFTP client to
            crash dnsmasq. Thanks to Steve Grubb at Red Hat for
            spotting this. This problem has Bugtraq id: 36120 and
            CVE: 2009-2958

Generated with FreeBSD Port Tools 0.77
>How-To-Repeat:
>Fix:

--- dnsmasq-2.50.patch begins here ---
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/dns/dnsmasq/Makefile,v
retrieving revision 1.55
diff -u -u -r1.55 Makefile
--- Makefile	13 Aug 2009 21:05:45 -0000	1.55
+++ Makefile	31 Aug 2009 18:55:33 -0000
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	dnsmasq
-PORTVERSION=	2.49
-PORTREVISION=	2
+PORTVERSION=	2.50
 CATEGORIES=	dns ipv6
 MASTER_SITES=	http://www.thekelleys.org.uk/dnsmasq/ \
 		${MASTER_SITE_GENTOO}
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/dns/dnsmasq/distinfo,v
retrieving revision 1.39
diff -u -u -r1.39 distinfo
--- distinfo	15 Jun 2009 21:07:27 -0000	1.39
+++ distinfo	31 Aug 2009 18:55:33 -0000
@@ -1,3 +1,3 @@
-MD5 (dnsmasq-2.49.tar.gz) = 7ccc861d8a733474f9c0a0a127006ee9
-SHA256 (dnsmasq-2.49.tar.gz) = 41cf32fc496a216d33d75b00fc3bf0386f4cb3b89996a853dc3bb78c09f30b31
-SIZE (dnsmasq-2.49.tar.gz) = 407342
+MD5 (dnsmasq-2.50.tar.gz) = f7b1e17c590e493039537434c57c9de7
+SHA256 (dnsmasq-2.50.tar.gz) = 43cb239cc10803fbc39fe1424b7481e7e1e553476a88c6d691b60da44762a60f
+SIZE (dnsmasq-2.50.tar.gz) = 402668
--- dnsmasq-2.50.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list