From owner-freebsd-gnome@FreeBSD.ORG Mon Jun 25 11:27:54 2007 Return-Path: X-Original-To: gnome@FreeBSD.org Delivered-To: freebsd-gnome@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8984D16A400; Mon, 25 Jun 2007 11:27:54 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from tarsier.geekcn.org (tarsier.geekcn.org [210.51.165.229]) by mx1.freebsd.org (Postfix) with ESMTP id F2A5613C457; Mon, 25 Jun 2007 11:27:53 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from localhost (tarsier.geekcn.org [210.51.165.229]) by tarsier.geekcn.org (Postfix) with ESMTP id 56801EB29B8; Mon, 25 Jun 2007 19:12:13 +0800 (CST) X-Virus-Scanned: amavisd-new at geekcn.org Received: from tarsier.geekcn.org ([210.51.165.229]) by localhost (mail.geekcn.org [210.51.165.229]) (amavisd-new, port 10024) with ESMTP id WFy5jy18+xhi; Mon, 25 Jun 2007 19:12:10 +0800 (CST) Received: from LI-Xins-MacBook.local (sina152-194.staff.sina.com.cn [61.135.152.194]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by tarsier.geekcn.org (Postfix) with ESMTP id D4A36EB29B7; Mon, 25 Jun 2007 19:12:08 +0800 (CST) DomainKey-Signature: a=rsa-sha1; s=default; d=delphij.net; c=nofws; q=dns; h=message-id:date:from:organization:user-agent:mime-version:to: subject:x-enigmail-version:content-type; b=XmxZTXy4CteX1zqxfqdM/mL3a1gyuQs63SYMuF322CSPTu4TxUTubn1Hoj0jaac5W mpPiLXzF5uL+Tb5u/jgBQ== Message-ID: <467FA300.9090709@delphij.net> Date: Mon, 25 Jun 2007 19:12:00 +0800 From: LI Xin Organization: The FreeBSD Project User-Agent: Thunderbird 2.0.0.4 (Macintosh/20070604) MIME-Version: 1.0 To: mezz@FreeBSD.org, gnome@FreeBSD.org X-Enigmail-Version: 0.95.1 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enig9CA63D55D717CA5A31C753EE" Cc: Subject: [SECURITY] [Fwd: [ports] cvs commit: ports/security/vuxml vuln.xml] X-BeenThere: freebsd-gnome@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GNOME for FreeBSD -- porting and maintaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Jun 2007 11:27:54 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig9CA63D55D717CA5A31C753EE Content-Type: multipart/mixed; boundary="------------010204040503080102030004" This is a multi-part message in MIME format. --------------010204040503080102030004 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable FYI. The patch is from: http://svn.gnome.org/viewcvs/evolution-data-server/trunk/camel/providers/= imap/camel-imap-folder.c?view=3Dpatch&r1=3D7817&r2=3D7816&pathrev=3D7817 Cheers, --=20 Xin LI http://www.delphij.net/ FreeBSD - The Power to Serve! --------------010204040503080102030004 Content-Type: text/plain; x-mac-type="0"; x-mac-creator="0"; name="patch-SECURITY-CVE-2007-3257" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline; filename="patch-SECURITY-CVE-2007-3257" Index: Makefile =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/ports/databases/evolution-data-server/Makefile,v retrieving revision 1.35 diff -u -p -r1.35 Makefile --- Makefile 29 May 2007 03:06:03 -0000 1.35 +++ Makefile 25 Jun 2007 11:09:02 -0000 @@ -8,6 +8,7 @@ =20 PORTNAME=3D evolution-data-server PORTVERSION=3D 1.10.2 +PORTREVISION=3D 1 CATEGORIES=3D databases gnome MASTER_SITES=3D ${MASTER_SITE_GNOME} MASTER_SITE_SUBDIR=3D sources/${PORTNAME}/${PORTVERSION:C/^([0-9]+\.[0-9= ]+).*/\1/} Index: files/patch-CVE-2007-3257 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: files/patch-CVE-2007-3257 diff -N files/patch-CVE-2007-3257 --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/patch-CVE-2007-3257 25 Jun 2007 11:06:27 -0000 @@ -0,0 +1,20 @@ +--- camel/providers/imap/camel-imap-folder.c.orig 2007-06-25 19:05:09.44= 5434798 +0800 ++++ camel/providers/imap/camel-imap-folder.c 2007-06-25 19:05:40.4546073= 58 +0800 +@@ -655,7 +655,7 @@ + uid =3D g_datalist_get_data (&data, "UID"); + flags =3D GPOINTER_TO_UINT (g_datalist_get_data (&data, "FLAGS")); + =09 +- if (!uid || !seq || seq > summary_len) { ++ if (!uid || !seq || seq > summary_len || seq < 0) { + g_datalist_clear (&data); + continue; + } +@@ -2789,7 +2789,7 @@ + =09 + if (*response !=3D '*' || *(response + 1) !=3D ' ') + return NULL; +- seq =3D strtol (response + 2, &response, 10); ++ seq =3D strtoul (response + 2, &response, 10); + if (seq =3D=3D 0) + return NULL; + if (g_ascii_strncasecmp (response, " FETCH (", 8) !=3D 0) --------------010204040503080102030004 Content-Type: message/rfc822; name="[ports] cvs commit: ports/security/vuxml vuln.xml.eml" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename*0="[ports] cvs commit: ports/security/vuxml vuln.xml.eml" Return-Path: Received: from tarsier.geekcn.org ([unix socket]) by mail.geekcn.org (Cyrus v2.3.8) with LMTPA; Mon, 25 Jun 2007 18:58:16 +0800 X-Sieve: CMU Sieve 2.3 Received: from localhost (tarsier.geekcn.org [210.51.165.229]) by tarsier.geekcn.org (Postfix) with ESMTP id 96EC6EB29AD for ; Mon, 25 Jun 2007 18:58:14 +0800 (CST) X-Virus-Scanned: amavisd-new at geekcn.org Received: from tarsier.geekcn.org ([210.51.165.229]) by localhost (mail.geekcn.org [210.51.165.229]) (amavisd-new, port 10024) with ESMTP id jMOzSvdxw3EH for ; Mon, 25 Jun 2007 18:58:09 +0800 (CST) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by tarsier.geekcn.org (Postfix) with ESMTP id 974C2EB265D for ; Mon, 25 Jun 2007 18:58:06 +0800 (CST) Authentication-Results: tarsier.geekcn.org from=delphij@FreeBSD.ORG; sender-id=softfail; spf=softfail Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by fledge.watson.org (8.13.8/8.13.8) with ESMTP id l5PAw4ME045878 for ; Mon, 25 Jun 2007 06:58:04 -0400 (EDT) (envelope-from delphij@FreeBSD.ORG) Received: from mx2.freebsd.org (mx2.freebsd.org [69.147.83.53]) by cyrus.watson.org (Postfix) with ESMTP id D92D648605 for ; Mon, 25 Jun 2007 06:58:04 -0400 (EDT) Received: from hub.freebsd.org (hub.freebsd.org [69.147.83.54]) by mx2.freebsd.org (Postfix) with ESMTP id 2A19619C74 for ; Mon, 25 Jun 2007 10:57:58 +0000 (UTC) (envelope-from delphij@FreeBSD.ORG) Received: by hub.freebsd.org (Postfix, from userid 1035) id 31AE516A526; Mon, 25 Jun 2007 10:57:57 +0000 (UTC) X-Original-To: delphij Delivered-To: delphij@FreeBSD.ORG Received: by hub.freebsd.org (Postfix, from userid 217) id CD7FD16A568; Mon, 25 Jun 2007 10:57:56 +0000 (UTC) From: Xin LI Subject: [ports] cvs commit: ports/security/vuxml vuln.xml In-Reply-To: <200706251057.l5PAvrRZ021518@repoman.freebsd.org> To: delphij@FreeBSD.ORG Message-Id: <20070625105756.CD7FD16A568@hub.freebsd.org> Date: Mon, 25 Jun 2007 10:57:56 +0000 (UTC) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (fledge.watson.org [209.31.154.41]); Mon, 25 Jun 2007 11:58:05 +0100 (BST) delphij 2007-06-25 10:57:52 UTC FreeBSD ports repository Modified files: security/vuxml vuln.xml Log: Document evolution-data-server remote arbitrary code execution vulnerability. Fix at: Evolution SVN changeset 7817 (#447414) Revision Changes Path 1.1354 +31 -1 ports/security/vuxml/vuln.xml _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org" Index: ports/security/vuxml/vuln.xml diff -u ports/security/vuxml/vuln.xml:1.1353 ports/security/vuxml/vuln.xml:1.1354 --- ports/security/vuxml/vuln.xml:1.1353 Sun Jun 24 11:34:12 2007 +++ ports/security/vuxml/vuln.xml Mon Jun 25 10:57:52 2007 @@ -34,6 +34,36 @@ --> + + evolution-data-server -- remote execution of arbitrary code vulnerability + + + evolution-data-server + 1.11.4 + + + + +

Debian project reports:

+
+

It was discovered that the IMAP code in the Evolution + Data Server performs insufficient sanitising of a value + later used an array index, which can lead to the execution + of arbitrary code.

+
+ + + + CVE-2007-3257 + http://secunia.com/advisories/25766/ + http://bugzilla.gnome.org/show_bug.cgi?id=447414 + + + 2007-06-23 + 2007-06-25 + + + xpcd -- buffer overflow --------------010204040503080102030004-- --------------enig9CA63D55D717CA5A31C753EE Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGf6MBOfuToMruuMARCkq1AJ4zcSAQg+xebb+69Q7CUcBV25lB+ACfXBL8 YtxcYhq/aK4xC9TnD1NNnlM= =qsZT -----END PGP SIGNATURE----- --------------enig9CA63D55D717CA5A31C753EE--