Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 23 Aug 2004 19:31:43 +0300 (EEST)
From:      Esa Karkkainen <ejk@iki.fi>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        portmgr@FreeBSD.org
Subject:   ports/70874: Security update port: mail/ripmime from 1.3.2.2 to 1.3.2.3
Message-ID:  <200408231631.i7NGVh8s064540@thunderbolt.my.domain>
Resent-Message-ID: <200408231640.i7NGeNjn001209@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         70874
>Category:       ports
>Synopsis:       Security update port: mail/ripmime from 1.3.2.2 to 1.3.2.3
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 23 16:40:23 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Esa Karkkainen
>Release:        FreeBSD 5.2.1-RELEASE-p9 i386
>Organization:
Is in state of disintegration
>Environment:
System: FreeBSD 5.2.1-RELEASE-p9 #14: Tue Aug 17 17:10:42 EEST 2004
Ports tree cvsupped at Aug 23 18:55:55 EEST 2004
>Description:
Security update to mail/ripmime. Version 1.3.2.3 supposedly has fix to
"ripMIME attachment extraction bypass". For more information can be found at 

http://www.freebsd.org/ports/portaudit/85e19dff-e606-11d8-9b0a-000347a4fa7d.html

Information I read at above mentioned URL is also the reason why I submitted
this PR. Above mentioned URL contains reference to
"ports/security/vuxml/vuln.xml". I did not find any reference to
"ripMIME attachment extraction bypass" when I searched the "vuln.xml".

>How-To-Repeat:
# portaudit -Fa
# cd /usr/ports/mail/ripmime && make all
>Fix:

diff -ruN /usr/ports/mail/ripmime/Makefile ./Makefile
--- /usr/ports/mail/ripmime/Makefile	Thu Aug 12 05:47:05 2004
+++ ./Makefile	Mon Aug 23 18:58:05 2004
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	ripmime
-PORTVERSION=	1.3.2.2
+PORTVERSION=	1.3.2.3
 CATEGORIES=	mail
 MASTER_SITES=	http://www.pldaniels.com/ripmime/
 
diff -ruN /usr/ports/mail/ripmime/distinfo ./distinfo
--- /usr/ports/mail/ripmime/distinfo	Thu Aug 12 05:47:05 2004
+++ ./distinfo	Mon Aug 23 18:58:41 2004
@@ -1,2 +1,2 @@
-MD5 (ripmime-1.3.2.2.tar.gz) = c1eaa37c276f41300da399ce2923c28f
-SIZE (ripmime-1.3.2.2.tar.gz) = 142057
+MD5 (ripmime-1.3.2.3.tar.gz) = 9e0aef38aceb8468ac59aea8351f5313
+SIZE (ripmime-1.3.2.3.tar.gz) = 142762
>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200408231631.i7NGVh8s064540>