mail/postfix-policyd-spf relies on vulnerable mail/libspf2-10
Uffe R. B. Andersen
urb at twe.net
Sat Aug 27 22:36:46 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Den 27-08-2011 23:05, Doug Barton skrev:
>> libspf2 port is currently libspf2-1.2.9_1 and according to the
>> page you refer to, the vulnerability affects libspf2 <1.2.8.
>
> Yes, that was my point. :) mail/libspf2-10 and mail/libspf2 are
> different ports. mail/postfix-policyd-spf currently relies on the
> former, it needs to be fixed to work with the latter instead.
Sorry for missing that point, but as mail/libspf2-10 and mail/libspf2
are different ports, why should vulnerabilities listed for only one of
them apply for both?
[root at localhost libspf2-10]# portaudit libspf2-10
0 problem(s) found.
[root at localhost libspf2-10]# portaudit libspf2
Affected package: libspf2
Type of problem: libspf2 -- Buffer overflow.
Reference:
http://portaudit.FreeBSD.org/2ddbfd29-a455-11dd-a55e-00163e000016.html
1 problem(s) found.
According to portaudit, libspf2-10 has no known problems. Apart from
that, I use the postfix-policyd-spf-perl instead and the associated
perl module apparently use libspf2.
- --
Med venlig hilsen - Sincerely
Uffe R. B. Andersen - mailto:urb at twe.net
http://blog.andersen.nu/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (MingW32)
iEYEARECAAYFAk5ZcWcACgkQxC95nUQcrpjiSgCg8aWp2ZLXe8badoDO7Q5rFkuz
JHYAoPF5s5So156WHx9++90jAN+V6zZA
=cLxk
-----END PGP SIGNATURE-----
More information about the freebsd-ports
mailing list