Date: Fri, 26 Oct 2012 08:46:40 +0000 (UTC) From: Eygene Ryabinkin <rea@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r306428 - in head: mail/exim security/vuxml Message-ID: <201210260846.q9Q8keYN061480@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rea Date: Fri Oct 26 08:46:40 2012 New Revision: 306428 URL: http://svn.freebsd.org/changeset/ports/306428 Log: mail/exim: upgrade to 4.80.1 This is bugfix-only release, it eliminates remote code execution in the DKIM code. Security: http://www.vuxml.org/freebsd/b0f3ab1f-1f3b-11e2-8fe9-0022156e8794.html QA page: http://codelabs.ru/fbsd/ports/qa/mail/exim/4.80.1 Feature safe: yes Modified: head/mail/exim/Makefile head/mail/exim/distinfo head/security/vuxml/vuln.xml Modified: head/mail/exim/Makefile ============================================================================== --- head/mail/exim/Makefile Fri Oct 26 08:37:10 2012 (r306427) +++ head/mail/exim/Makefile Fri Oct 26 08:46:40 2012 (r306428) @@ -78,7 +78,7 @@ PLIST_SUB+= SO_1024="" PLIST_SUB+= SO_1024="@comment " .endif -EXIM_VERSION= 4.80 +EXIM_VERSION= 4.80.1 SA_EXIM_VERSION=4.2 SO_1024_VERSION=3.2 Modified: head/mail/exim/distinfo ============================================================================== --- head/mail/exim/distinfo Fri Oct 26 08:37:10 2012 (r306427) +++ head/mail/exim/distinfo Fri Oct 26 08:46:40 2012 (r306428) @@ -1,5 +1,5 @@ -SHA256 (exim/exim-4.80.tar.bz2) = 787b6defd37fa75311737bcfc42e9e2b2cc62c5d027eed35bb7d800b2d9a0984 -SIZE (exim/exim-4.80.tar.bz2) = 1649827 +SHA256 (exim/exim-4.80.1.tar.bz2) = 9565b10f06be224fd03adafae2e07e6fdbb479f8873e3894ddb13f98eeebe78f +SIZE (exim/exim-4.80.1.tar.bz2) = 1650082 SHA256 (exim/sa-exim-4.2.tar.gz) = 72e0a735547f18b05785e6c58a71d24623858f0f5234a5dc0e24cb453999e99a SIZE (exim/sa-exim-4.2.tar.gz) = 66575 SHA256 (exim/spamooborona1024-src-3.2.tar.gz) = ab22a430f3860460045f6b213c68c89700a0cd10cbb6c7a808ece326c53787ee Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Oct 26 08:37:10 2012 (r306427) +++ head/security/vuxml/vuln.xml Fri Oct 26 08:46:40 2012 (r306428) @@ -51,6 +51,45 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="b0f3ab1f-1f3b-11e2-8fe9-0022156e8794"> + <topic>Exim -- remote code execution</topic> + <affects> + <package> + <name>exim</name> + <range><ge>4.70</ge><lt>4.80.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>This vulnerability affects Exim instances built with DKIM + enabled (this is the default for FreeBSD Exim port) and running + verification of DKIM signatures on the incoming mail + messages.</p> + <p>Phil Penncock reports:</p> + <blockquote cite="https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html">; + <p>This is a SECURITY release, addressing a CRITICAL remote + code execution flaw in versions of Exim between 4.70 and + 4.80 inclusive, when built with DKIM support (the default).</p> + <p>This security vulnerability can be exploited by anyone + who can send email from a domain for which they control the + DNS.</p> + <p>You are not vulnerable if you built Exim with DISABLE_DKIM + or if you put this at the start of an ACL plumbed into + acl_smtp_connect or acl_smtp_rcpt:</p> + <pre>warn control = dkim_disable_verify</pre> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-5671</cvename> + <url>https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html</url>; + </references> + <dates> + <discovery>2012-10-25</discovery> + <entry>2012-10-26</entry> + </dates> + </vuln> + <vuln vid="5f326d75-1db9-11e2-bc8f-d0df9acfd7e5"> <topic>django -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201210260846.q9Q8keYN061480>