Date: Fri, 11 Feb 2005 13:33:02 +0000 (UTC) From: Alexey Dokuchaev <danfe@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/textproc/unrtf/files patch-convert.cports/textproc/unrtf Makefile Message-ID: <200502111333.j1BDX2Jt083616@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
danfe 2005-02-11 13:33:02 UTC
FreeBSD ports repository
Modified files:
textproc/unrtf Makefile
Added files:
textproc/unrtf/files patch-convert.c
Log:
- Attempt to fix the exploitable security issue described at
http://www.vuxml.org/freebsd/f2d5e56e-67eb-11d9-a9e7-0001020eed82.html by
replacing strcat() with strncat(). Please note that I wasn't able to
reproduce the exploit described at
http://tigger.uic.edu/~jlongs2/holes/unrtf.txt on my 5.3-STABLE system.
Feedback from someone who can reproduce the exploit with an unpatched unrtf
would be appreciated
- Bump PORTREVISION
- Remove old master site that doesn't seem to have the distfile any more
VuXML: f2d5e56e-67eb-11d9-a9e7-0001020eed82
PR: ports/76852
Submitted by: Stefan Walter <sw(at)gegenunendlich.de>
Revision Changes Path
1.12 +2 -6 ports/textproc/unrtf/Makefile
1.1 +11 -0 ports/textproc/unrtf/files/patch-convert.c (new)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200502111333.j1BDX2Jt083616>