From owner-freebsd-ports-bugs@FreeBSD.ORG Wed May 19 04:40:22 2004 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E5CB716A4CF for ; Wed, 19 May 2004 04:40:22 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id B837A43D4C for ; Wed, 19 May 2004 04:40:22 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) i4JBeMpJ022970 for ; Wed, 19 May 2004 04:40:22 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.11/8.12.11/Submit) id i4JBeMu4022969; Wed, 19 May 2004 04:40:22 -0700 (PDT) (envelope-from gnats) Resent-Date: Wed, 19 May 2004 04:40:22 -0700 (PDT) Resent-Message-Id: <200405191140.i4JBeMu4022969@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Frank Ruell Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7809D16A4CE; Wed, 19 May 2004 04:32:43 -0700 (PDT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.173]) by mx1.FreeBSD.org (Postfix) with ESMTP id 231B443D2D; Wed, 19 May 2004 04:32:43 -0700 (PDT) (envelope-from stoerte@dreamwarrior.net) Received: from [212.227.126.160] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1BQPJ7-0004YX-00; Wed, 19 May 2004 13:32:21 +0200 Received: from [213.146.126.142] (helo=dreamwarrior.foobar.ath.cx) (TLSv1:EDH-RSA-DES-CBC3-SHA:168) (Exim 3.35 #1) id 1BQPJ6-0003Q8-00; Wed, 19 May 2004 13:32:20 +0200 Received: from stoerte by dreamwarrior.foobar.ath.cx with local (Exim 4.34; FreeBSD) id 1BQPJ6-0002fG-1F; Wed, 19 May 2004 13:32:20 +0200 Message-Id: Date: Wed, 19 May 2004 13:32:20 +0200 From: Frank Ruell To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 cc: lev@FreeBSD.org Subject: ports/66871: X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 May 2004 11:40:23 -0000 >Number: 66871 >Category: ports >Synopsis: >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Wed May 19 04:40:22 PDT 2004 >Closed-Date: >Last-Modified: >Originator: Frank Ruell >Release: FreeBSD 5.2.1-RELEASE-p4 i386 >Organization: >Environment: System: FreeBSD dreamwarrior.foobar.ath.cx 5.2.1-RELEASE-p4 FreeBSD 5.2.1-RELEASE-p4 #1: Mon Apr 12 03:13:36 CEST 2004 root@:/usr/obj/usr/src/sys/Dreamwarrior i386 >Description: Update to newest Version. There's a security isssue with the old version. Quote from http://security.e-matters.de/advisories/062004.html " A vulnerability within a libneon date parsing function could cause a heap overflow which could lead to remote code execution, depending on the application using libneon." It will be CVE CAN-2004-0398, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0398 >How-To-Repeat: >Fix: --- neon-0.24.6.patch begins here --- diff -ruN neon.orig/Makefile neon/Makefile --- neon.orig/Makefile Sun Apr 18 08:38:48 2004 +++ neon/Makefile Wed May 19 13:15:34 2004 @@ -6,7 +6,7 @@ # PORTNAME= neon -PORTVERSION= 0.24.5 +PORTVERSION= 0.24.6 CATEGORIES= www MASTER_SITES= http://www.webdav.org/neon/ diff -ruN neon.orig/distinfo neon/distinfo --- neon.orig/distinfo Sun Apr 18 08:38:48 2004 +++ neon/distinfo Wed May 19 13:17:31 2004 @@ -1,2 +1,2 @@ -MD5 (neon-0.24.5.tar.gz) = 69c2a079ea0ab01c6c39e8e01a58c665 -SIZE (neon-0.24.5.tar.gz) = 599383 +MD5 (neon-0.24.6.tar.gz) = e9473de23f9a57b23247d005efb5ebd7 +SIZE (neon-0.24.6.tar.gz) = 600129 --- neon-0.24.6.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted: