Date: Thu, 6 May 2004 11:28:42 -0500 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: Oliver Eikemeier <eikemeier@fillmore-labs.com> Cc: ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/security/vuxml vuln.xml Message-ID: <20040506162842.GA1129@madman.celabo.org> In-Reply-To: <409A658A.30206@fillmore-labs.com> References: <200405061543.i46FhrL2015423@repoman.freebsd.org> <20040506160133.GB790@madman.celabo.org> <409A658A.30206@fillmore-labs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, May 06, 2004 at 06:19:22PM +0200, Oliver Eikemeier wrote: > Jacques A. Vidrine wrote: > > >On Thu, May 06, 2004 at 08:43:53AM -0700, Oliver Eikemeier wrote: > > > >>eik 2004/05/06 08:43:53 PDT > >> > >> FreeBSD ports repository > >> > >> Modified files: > >> security/vuxml vuln.xml > >> Log: > >> exim buffer overflow when verify = header_syntax is used > >> > >> Revision Changes Path > >> 1.90 +27 -0 ports/security/vuxml/vuln.xml > > > >Thanks! > >Actually, there are two bugs: CAN-2004-0399 CAN-2004-0400 > >Were both of these fixed? > > I guess I have no access to the preliminary information > CAN-2004-0399 contains, so I can't tell. George's advisory included two bugs: CAN-2004-0399: exim buffer overflows with sender address/host name when sender_verify is enabled CAN-2004-0400: exim buffer overflow with header name when headers_check_syntax is enabled Maybe only one of them affected the version of exim we have? Cheers, -- Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040506162842.GA1129>