mail/postfix-policyd-spf relies on vulnerable mail/libspf2-10
dougb at FreeBSD.org
Sun Aug 28 00:01:12 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
On 08/27/2011 15:36, Uffe R. B. Andersen wrote:
> Den 27-08-2011 23:05, Doug Barton skrev:
>>> libspf2 port is currently libspf2-1.2.9_1 and according to the
>>> page you refer to, the vulnerability affects libspf2 <1.2.8.
>> Yes, that was my point. :) mail/libspf2-10 and mail/libspf2 are
>> different ports. mail/postfix-policyd-spf currently relies on the
>> former, it needs to be fixed to work with the latter instead.
> Sorry for missing that point, but as mail/libspf2-10 and mail/libspf2
> are different ports, why should vulnerabilities listed for only one of
> them apply for both?
I appreciate your responses, but I think you're missing one or more
large'ish pieces of the puzzle. Here is what I'm seeing with an up to
date portaudit db:
Affected package: libspf2-1.0.4_1
Type of problem: libspf2 -- Buffer overflow.
pkg_info -qo libspf2-1.0.4_1
pkg_info -R libspf2-1.0.4_1
Information for libspf2-1.0.4_1:
make -V PKGNAME
The solution here is that postfix-policyd-spf needs to be updated to not
rely on a vulnerable version of libspf2.
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (FreeBSD)
-----END PGP SIGNATURE-----
More information about the freebsd-ports