From owner-freebsd-ports Mon Nov 20 17:40: 9 2000
Delivered-To: freebsd-ports@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id D096537B4F9
	for ; Mon, 20 Nov 2000 17:40:00 -0800 (PST)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id RAA79290;
	Mon, 20 Nov 2000 17:40:00 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: from rodan.water-programs.com (unknown [130.86.77.19])
	by hub.freebsd.org (Postfix) with ESMTP id C1C6337B4CF
	for ; Mon, 20 Nov 2000 17:39:27 -0800 (PST)
Received: (from scottj@localhost)
	by rodan.water-programs.com (8.11.1/8.11.1) id eAL1cxE24495;
	Mon, 20 Nov 2000 17:38:59 -0800 (PST)
	(envelope-from scottj)
Message-Id: <200011210138.eAL1cxE24495@rodan.water-programs.com>
Date: Mon, 20 Nov 2000 17:38:59 -0800 (PST)
From: joseph@randomnetworks.com To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: ports/22999: UPDATE of net/ethereal (0.8.13 -> 0.8.14) (security fix also) Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 22999 >Category: ports >Synopsis: UPDATE of net/ethereal (0.8.13 -> 0.8.14) (security fix also) >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Mon Nov 20 17:40:00 PST 2000 >Closed-Date: >Last-Modified: >Originator: Joseph Scott >Release: FreeBSD 4.2-BETA i386 >Organization: randomnetworks.com >Environment: ports collection >Description: There was a post on bugtraq describing a buffer overflow in ethereal 0.8.13. The port was then marked as FORBIDDEN. Since then ethereal 0.8.14 has been released, which fixes the buffer overflow, in addition to some new dissectors. From the ethereal web site : "An exploit for a buffer overrun in the AFS dissector was recently released on BugTraq. Ethereal 0.8.14 fixes this and other possibly-exploitable overruns. Also new in 0.8.14 are dissectors for WAP, SIP, AIM/OSCAR, 802.11, GIOP v1.2, and MGCP (plugin). Other dissectors were updated as well. Be sure to upgrade to 0.8.14 as soon as possible." For this reason I marked the pr as serious. >How-To-Repeat: >Fix: this diff was generated from /usr/ports, by : diff -ruN net/ethereal.orig net/ethereal ---------------------------------------------- diff -ruN net/ethereal.orig/Makefile net/ethereal/Makefile --- net/ethereal.orig/Makefile Mon Nov 20 17:32:26 2000 +++ net/ethereal/Makefile Mon Nov 20 17:32:43 2000 @@ -6,7 +6,7 @@ # PORTNAME= ethereal -PORTVERSION= 0.8.13 +PORTVERSION= 0.8.14 CATEGORIES= net ipv6 MASTER_SITES= ftp://ftp.ethereal.com/pub/ethereal/ \ ftp://gd.tuwien.ac.at/infosys/security/ethereal/ \ 
@@ -14,7 +14,6 @@ ftp://the.wiretapped.net/pub/security/packet-sniffing/ethereal/ MAINTAINER= billf@FreeBSD.org -FORBIDDEN= "Remotely exploitable buffer overflow; identical to Security Advisory 00:61" USE_X_PREFIX= yes USE_GTK= yes diff -ruN net/ethereal.orig/distinfo net/ethereal/distinfo --- net/ethereal.orig/distinfo Mon Nov 20 17:32:26 2000 +++ net/ethereal/distinfo Mon Nov 20 17:33:03 2000 @@ -1 +1 @@ -MD5 (ethereal-0.8.13.tar.gz) = 27c799d82573a4d88354938aba0c6325 +MD5 (ethereal-0.8.14.tar.gz) = 470dd018c417a4bd31f1fafdc57cfe06 >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
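Review bot: In the first Makefile hunk, the `PORTVERSION` bump to 0.8.14 comes with no packing-list change, yet the description says 0.8.14 adds new dissectors, including MGCP as a plugin. The diff touches only Makefile and distinfo, so please confirm that the port's packing list still matches what 0.8.14 installs, and include the update in this PR if a plugin file is new.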
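Review bot: In the second Makefile hunk, dropping the `FORBIDDEN=` line removes the only in-tree note of why the port was blocked, and the justification for lifting it lives only in the PR description (the upstream statement that 0.8.14 fixes the AFS dissector overrun and other possibly-exploitable overruns). Suggest the commit message carry that statement together with the reference to Security Advisory 00:61, so the history shows which version cleared the block.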
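Review bot: In the distinfo hunk, the new `MD5 (ethereal-0.8.14.tar.gz)` value comes from the submitter's copy of the tarball, and nothing in the PR says which master site it was fetched from. Since this is a security update, the committer should fetch the distfile independently and regenerate the line with `make makesum` (or confirm it with `make checksum`) rather than taking the value from the diff.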