mail/postfix-policyd-spf relies on vulnerable mail/libspf2-10

Doug Barton dougb at FreeBSD.org
Sun Aug 28 00:01:12 UTC 2011


On 08/27/2011 15:36, Uffe R. B. Andersen wrote:
> On 27-08-2011 23:05, Doug Barton wrote:
>>> libspf2 port is currently libspf2-1.2.9_1 and according to the
>>> page you refer to, the vulnerability affects libspf2 <1.2.8.
> 
>> Yes, that was my point. :)  mail/libspf2-10 and mail/libspf2 are 
>> different ports. mail/postfix-policyd-spf currently relies on the 
>> former, it needs to be fixed to work with the latter instead.
> 
> Sorry for missing that point, but as mail/libspf2-10 and mail/libspf2
> are different ports, why should vulnerabilities listed for only one of
> them apply for both?

I appreciate your responses, but I think you're missing one or more
large'ish pieces of the puzzle. Here is what I'm seeing with an up to
date portaudit db:

portaudit -a
Affected package: libspf2-1.0.4_1
Type of problem: libspf2 -- Buffer overflow.
Reference:
http://portaudit.FreeBSD.org/2ddbfd29-a455-11dd-a55e-00163e000016.html

pkg_info -qo libspf2-1.0.4_1
mail/libspf2-10

pkg_info -R libspf2-1.0.4_1
Information for libspf2-1.0.4_1:

Required by:
postfix-policyd-spf-1.0.1_3

cd /usr/ports/mail/libspf2-10/
make -V PKGNAME
libspf2-1.0.4_1


The solution here is that postfix-policyd-spf needs to be updated to not
rely on a vulnerable version of libspf2.


Doug

-- 

	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)  http://SupersetSolutions.com/
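
Added example (not part of Doug Barton's message and not FreeBSD project code): the three lookups shown in the message, generalized to every package that portaudit flags. The function names are made up for this example, and the sample input is copied from the message so the parsers run without the tools installed.

```shell
#!/bin/sh
# Added example: list what depends on each package that portaudit flags.

# Print package names from `portaudit -a` output read on stdin.
affected_packages() {
    sed -n 's/^Affected package: //p'
}

# Print the dependents listed under "Required by:" in `pkg_info -R` output.
required_by() {
    awk '/^Required by:/ { on = 1; next }
         on && NF == 0   { exit }
         on              { print $1 }'
}

# Sample input copied from the message, so the parsers can be tried offline.
sample_portaudit() {
cat <<'EOF'
Affected package: libspf2-1.0.4_1
Type of problem: libspf2 -- Buffer overflow.
Reference:
http://portaudit.FreeBSD.org/2ddbfd29-a455-11dd-a55e-00163e000016.html
EOF
}

sample_pkg_info_R() {
cat <<'EOF'
Information for libspf2-1.0.4_1:

Required by:
postfix-policyd-spf-1.0.1_3
EOF
}

# Live report: for every flagged package, print its origin and its dependents.
audit_report() {
    portaudit -a | affected_packages | while read -r pkg; do
        origin=$(pkg_info -qo "$pkg")
        deps=$(pkg_info -R "$pkg" | required_by | paste -s -d ' ' -)
        printf '%s (%s) required by: %s\n' "$pkg" "$origin" "${deps:-none}"
    done
}

# Assumption: the legacy portaudit and pkg_info tools are installed; skip otherwise.
if command -v portaudit >/dev/null 2>&1 && command -v pkg_info >/dev/null 2>&1; then
    audit_report
fi
```

A flagged package that reports dependents, as libspf2-1.0.4_1 does here, cannot simply be removed; the dependent port has to move to a fixed version first.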
