From owner-cvs-all@FreeBSD.ORG  Thu May  6 09:28:43 2004
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id BB4E016A4CE; Thu,  6 May 2004 09:28:43 -0700 (PDT)
Received: from gw.celabo.org (gw.celabo.org [208.42.49.153])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 64CB043D3F; Thu,  6 May 2004 09:28:43 -0700 (PDT)
	(envelope-from nectar@celabo.org)
Received: from madman.celabo.org (madman.celabo.org [10.0.1.111])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "madman.celabo.org", Issuer "celabo.org CA" (not verified))
	by gw.celabo.org (Postfix) with ESMTP
	id DA38E54840; Thu,  6 May 2004 11:28:42 -0500 (CDT)
Received: by madman.celabo.org (Postfix, from userid 1001)
	id 719FA6FDA6; Thu,  6 May 2004 11:28:42 -0500 (CDT)
Date: Thu, 6 May 2004 11:28:42 -0500
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: Oliver Eikemeier <eikemeier@fillmore-labs.com>
Message-ID: <20040506162842.GA1129@madman.celabo.org>
Mail-Followup-To: "Jacques A. Vidrine" <nectar@FreeBSD.org>,
	Oliver Eikemeier <eikemeier@fillmore-labs.com>,
	ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org,
	cvs-all@FreeBSD.org
References: <200405061543.i46FhrL2015423@repoman.freebsd.org>
	<20040506160133.GB790@madman.celabo.org> <409A658A.30206@fillmore-labs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <409A658A.30206@fillmore-labs.com>
X-Url: http://www.celabo.org/
User-Agent: Mutt/1.5.6i
cc: cvs-ports@FreeBSD.org
cc: cvs-all@FreeBSD.org
cc: ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/security/vuxml vuln.xml
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 06 May 2004 16:28:43 -0000

On Thu, May 06, 2004 at 06:19:22PM +0200, Oliver Eikemeier wrote:
> Jacques A. Vidrine wrote:
> 
> >On Thu, May 06, 2004 at 08:43:53AM -0700, Oliver Eikemeier wrote:
> >
> >>eik         2004/05/06 08:43:53 PDT
> >>
> >> FreeBSD ports repository
> >>
> >> Modified files:
> >>   security/vuxml       vuln.xml 
> >> Log:
> >> exim buffer overflow when verify = header_syntax is used
> >> 
> >> Revision  Changes    Path
> >> 1.90      +27 -0     ports/security/vuxml/vuln.xml
> >
> >Thanks!
> >Actually, there are two bugs: CAN-2004-0399 CAN-2004-0400
> >Were both of these fixed?
> 
> I guess I have no access to the preliminary information
> CAN-2004-0399 contains, so I can't tell.

George's advisory included two bugs:

CAN-2004-0399: exim buffer overflows with sender address/host name
when sender_verify is enabled

CAN-2004-0400: exim buffer overflow with header name when
headers_check_syntax is enabled

Maybe only one of them affected the version of exim we have?

Cheers,
-- 
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org