Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 1 Aug 2010 19:04:51 +0300 (EEST)
From:      Esa Karkkainen <ejk@iki.fi>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        fjoe@FreeBSD.org, Esa Karkkainen <ejk@iki.fi>
Subject:   ports/149180: Security update to fix archivers/libmspack Infinite Loop Denial of Service
Message-ID:  <201008011604.o71G4poG031193@thunderbolt.my.domain>
Resent-Message-ID: <201008011630.o71GU6a9014092@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         149180
>Category:       ports
>Synopsis:       Security update to fix archivers/libmspack Infinite Loop Denial of Service
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sun Aug 01 16:30:05 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Esa Karkkainen
>Release:        FreeBSD 8.1-RELEASE amd64
>Organization:
Is in state of disintegration
>Environment:

System: FreeBSD 8.1-RELEASE
Ports tree updated at Aug 1st, 17:30:19 2010 EET

>Description:

Please see

<http://portaudit.FreeBSD.org/43024078-9b63-11df-8983-001d60d86f38.html>;

>How-To-Repeat:

Install ports-mgmt/portaudit, run "portaudit -F" command and then try to
install archivers/libmspack.

>Fix:

diff -ruN /usr/ports/archivers/libmspack/Makefile ports/archivers/libmspack/Makefile
--- /usr/ports/archivers/libmspack/Makefile	2009-08-02 22:32:06.000000000 +0300
+++ ports/archivers/libmspack/Makefile	2010-08-01 18:56:42.938935398 +0300
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	libmspack
-PORTVERSION=	0.0.20060920
+PORTVERSION=	0.2
 CATEGORIES=	archivers
 MASTER_SITES=	http://www.cabextract.org.uk/libmspack/
 DISTNAME=	${PORTNAME}-${PORTVERSION}alpha
diff -ruN /usr/ports/archivers/libmspack/distinfo ports/archivers/libmspack/distinfo
--- /usr/ports/archivers/libmspack/distinfo	2009-02-01 10:53:21.000000000 +0200
+++ ports/archivers/libmspack/distinfo	2010-08-01 18:52:06.750312943 +0300
@@ -1,3 +1,3 @@
-MD5 (libmspack-0.0.20060920alpha.tar.gz) = 72003dfa5da2e843e3d5ae0c18f7c969
-SHA256 (libmspack-0.0.20060920alpha.tar.gz) = e2a5397fcd8088da76b72a8bbfac156cd3d0dc916709ed5b034bda74726fe0af
-SIZE (libmspack-0.0.20060920alpha.tar.gz) = 498217
+MD5 (libmspack-0.2alpha.tar.gz) = a51c65ba1dc9b53090d4e65e1f55d860
+SHA256 (libmspack-0.2alpha.tar.gz) = 01c951e883aa6518f4c2fd92f64fbab1763c00a7f776a9cce678168479f3e0df
+SIZE (libmspack-0.2alpha.tar.gz) = 399498
>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201008011604.o71G4poG031193>