Date: Fri, 26 Aug 2011 11:17:56 -0700 From: Xin LI <delphij@delphij.net> Cc: freebsd-bugs@FreeBSD.org, roam@FreeBSD.org Subject: Re: ports/160218: security/stunnel is vulnerable to CVE-2011-2940 Message-ID: <4E57E354.6070003@delphij.net> In-Reply-To: <201108261742.p7QHg6iG099719@freefall.freebsd.org> References: <201108261742.p7QHg6iG099719@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Here is a patch (tested with basic tinderboxing). This seems to be a DoS but no remote privilege escalation. Cheers, - -- Xin LI <delphij@delphij.net> https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iQEcBAEBCAAGBQJOV+NUAAoJEATO+BI/yjfBJZAH/jGDuaBRoSIo2P4Ja7/E2Hj2 Ja54pMF9gwedGovIWF5PkdE4wL37AJkh632w7NUJtT08ensyousJqY2PSf9ZoEJe Dc7M2qqJt337gWN0bMdPOtdtmBzES6kPWIuBkatd7UY8xq4tZUpqWOF0iCPREC4a 7ADhf8PYyloBaYtVy3Ulfh12XBmxAU9PpoeMrxgtkuxR6ge4HbsL08NeBcCiLn+s IEaRnHlul+PTBcqc3JrC3yqtm8beI9lO6Us74fkf+/zUOw7NRJzdNcP9gHuP6fIF 5MCtoN87d+R4TygYjAgbDH8smC349vBDHTkVdTZXbqTabOiiRndjf104Cqld3x8= =ueFt -----END PGP SIGNATURE----- [-- Attachment #2 --] Index: Makefile =================================================================== RCS file: /home/ncvs/ports/security/stunnel/Makefile,v retrieving revision 1.103 diff -u -p -r1.103 Makefile --- Makefile 1 Aug 2011 14:47:43 -0000 1.103 +++ Makefile 26 Aug 2011 18:13:37 -0000 @@ -6,7 +6,7 @@ # PORTNAME= stunnel -PORTVERSION= 4.41 +PORTVERSION= 4.42 CATEGORIES= security MASTER_SITES= ftp://ftp.stunnel.org/stunnel/%SUBDIR%/ \ http://mirrors.zerg.biz/stunnel/%SUBDIR%/ \ Index: distinfo =================================================================== RCS file: /home/ncvs/ports/security/stunnel/distinfo,v retrieving revision 1.58 diff -u -p -r1.58 distinfo --- distinfo 1 Aug 2011 14:47:43 -0000 1.58 +++ distinfo 26 Aug 2011 18:13:48 -0000 @@ -1,2 +1,2 @@ -SHA256 (stunnel-4.41.tar.gz) = 08e0e7df42bfb8b8551eb6c4b5b50eae6051aaf75077101d729e67c7a3a00c72 -SIZE (stunnel-4.41.tar.gz) = 557467 +SHA256 (stunnel-4.42.tar.gz) = d33c407bfc4f58070e818081bd082c38f91cab7691ccbb794da63143c535de3b +SIZE (stunnel-4.42.tar.gz) = 558391
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E57E354.6070003>