Procmail Vulnerabilities check

Andrea Venturoli ml at netfence.it
Sat Nov 25 17:38:33 UTC 2017


On 11/25/17 17:59, Roger Marquis wrote:
> Jos Chrispijn wrote:
>> Dear sunpoet,
>> Noticed this week following issue on procmail.
>> ...
>> procmail -- Heap-based buffer overflow
>> https://vuxml.FreeBSD.org/freebsd/288f7cee-ced6-11e7-8ae9-0050569f0b83.html 
>>
> 
> Whether mail/procmail is patched or deprecated, standard practice has
> been to upgrade to mail/maildrop for some years now.  Procmail source is
> difficult to read at best, has been unmaintained for a long time and
> mail/maildrop is a better tool for this job in almost every way (except
> perhaps for macros like TO).

Unfortunately there are a few ports (8 or 9 it seems) that depend on 
procmail: I don't know how easy it would be to move them to different 
software.

I, for one, am not using procmail directly, but I use security/logcheck.

Just my 2c.

  bye
	av.

