Procmail Vulnerabilities check
Andrea Venturoli
ml at netfence.it
Sat Nov 25 17:38:33 UTC 2017
On 11/25/17 17:59, Roger Marquis wrote:
> Jos Chrispijn wrote:
>> Dear sunpoet,
>> Noticed this week following issue on procmail.
>> ...
>> procmail -- Heap-based buffer overflow
>> https://vuxml.FreeBSD.org/freebsd/288f7cee-ced6-11e7-8ae9-0050569f0b83.html
>>
>
> Whether mail/procmail is patched or deprecated standard practice has
> been to upgrade to mailmaildrop for some years now. Procmail source is
> difficult to read at best, has been unmaintained for a long time and
> mailmaildrop is a better tool for this job in almost every way (except
> perhaps for macros like TO).
Unfortunately there are a few ports (8 or 9 it seems) that depend on
procmail: I don't know how easy would be to move them to a different
software.
I, for one, am not using procmail directly, but i use security/logcheck.
Just my 2c.
bye
av.
More information about the freebsd-ports
mailing list