Date: Sat, 25 Nov 2017 18:32:24 +0100 From: Andrea Venturoli <ml@netfence.it> To: freebsd-ports@freebsd.org, Roger Marquis <marquis@roble.com> Subject: Re: Procmail Vulnerabilities check Message-ID: <f14bdd7e-6fdd-6e7c-1784-74c66b6d3724@netfence.it> In-Reply-To: <nycvar.OFS.7.76.1711250853410.73766@eboyr.pbz> References: <nycvar.OFS.7.76.1711250853410.73766@eboyr.pbz>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11/25/17 17:59, Roger Marquis wrote: > Jos Chrispijn wrote: >> Dear sunpoet, >> Noticed this week following issue on procmail. >> ... >> procmail -- Heap-based buffer overflow >> https://vuxml.FreeBSD.org/freebsd/288f7cee-ced6-11e7-8ae9-0050569f0b83.html >> > > Whether mail/procmail is patched or deprecated standard practice has > been to upgrade to mailmaildrop for some years now. Procmail source is > difficult to read at best, has been unmaintained for a long time and > mailmaildrop is a better tool for this job in almost every way (except > perhaps for macros like TO). Unfortunately there are a few ports (8 or 9 it seems) that depend on procmail: I don't know how easy would be to move them to a different software. I, for one, am not using procmail directly, but i use security/logcheck. Just my 2c. bye av.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f14bdd7e-6fdd-6e7c-1784-74c66b6d3724>