Date: Mon, 3 Dec 2012 20:16:21 +0000 (UTC) From: Matthias Andree <mandree@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r308171 - in head: mail/bogofilter mail/bogofilter-sqlite mail/bogofilter-tc security/vuxml Message-ID: <201212032016.qB3KGLiM032857@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mandree Date: Mon Dec 3 20:16:21 2012 New Revision: 308171 URL: http://svnweb.freebsd.org/changeset/ports/308171 Log: Update bogofilter to new upstream release 1.2.3. Security update to fix a heap corruption bug with invalid base64 input, reported and fixed by Julius Plenz, FU Berlin, Germany. Feature safe: yes Security: CVE-2012-5468 Security: f524d8e0-3d83-11e2-807a-080027ef73ec Modified: head/mail/bogofilter-sqlite/Makefile (contents, props changed) head/mail/bogofilter-tc/Makefile (contents, props changed) head/mail/bogofilter/Makefile (contents, props changed) head/mail/bogofilter/distinfo (contents, props changed) head/security/vuxml/vuln.xml Modified: head/mail/bogofilter-sqlite/Makefile ============================================================================== --- head/mail/bogofilter-sqlite/Makefile Mon Dec 3 20:12:49 2012 (r308170) +++ head/mail/bogofilter-sqlite/Makefile Mon Dec 3 20:16:21 2012 (r308171) @@ -6,7 +6,7 @@ # PORTNAME= bogofilter -PORTREVISION= 2 +PORTREVISION= 0 CATEGORIES= mail PKGNAMESUFFIX= -sqlite Modified: head/mail/bogofilter-tc/Makefile ============================================================================== --- head/mail/bogofilter-tc/Makefile Mon Dec 3 20:12:49 2012 (r308170) +++ head/mail/bogofilter-tc/Makefile Mon Dec 3 20:16:21 2012 (r308171) @@ -6,7 +6,7 @@ # PORTNAME= bogofilter -PORTREVISION= 2 +PORTREVISION= 0 CATEGORIES= mail PKGNAMESUFFIX= -tc Modified: head/mail/bogofilter/Makefile ============================================================================== --- head/mail/bogofilter/Makefile Mon Dec 3 20:12:49 2012 (r308170) +++ head/mail/bogofilter/Makefile Mon Dec 3 20:16:21 2012 (r308171) @@ -6,8 +6,8 @@ # PORTNAME= bogofilter -PORTVERSION= 1.2.2 -PORTREVISION?= 3 +PORTVERSION= 1.2.3 +PORTREVISION?= 0 CATEGORIES?= mail MASTER_SITES= SF/bogofilter/bogofilter-current/bogofilter-${PORTVERSION} Modified: head/mail/bogofilter/distinfo ============================================================================== --- head/mail/bogofilter/distinfo Mon Dec 3 20:12:49 2012 (r308170) +++ head/mail/bogofilter/distinfo Mon Dec 3 20:16:21 2012 (r308171) @@ -1,2 +1,2 @@ -SHA256 (bogofilter-1.2.2.tar.bz2) = d8cfd1e68375ac8131de8a6998a38ee5b3f7d1151e71efd2b436183545216039 -SIZE (bogofilter-1.2.2.tar.bz2) = 867043 +SHA256 (bogofilter-1.2.3.tar.bz2) = 8ed85fc5ff03d9b07986ee2ce33e1149e30abe2ad8bae1d0c94503ccd2c92e76 +SIZE (bogofilter-1.2.3.tar.bz2) = 868902 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Mon Dec 3 20:12:49 2012 (r308170) +++ head/security/vuxml/vuln.xml Mon Dec 3 20:16:21 2012 (r308171) @@ -51,6 +51,31 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="f524d8e0-3d83-11e2-807a-080027ef73ec"> + <topic>bogofilter -- heap corruption by invalid base64 input</topic> + <affects> + <package> <name>bogofilter</name> <range><lt>1.2.3</lt></range> </package> + <package> <name>bogofilter-sqlite</name> <range><lt>1.2.3</lt></range> </package> + <package> <name>bogofilter-tc</name> <range><lt>1.2.3</lt></range> </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>David Relson reports:</p> + <blockquote cite="https://bogofilter.svn.sourceforge.net/svnroot/bogofilter/trunk/bogofilter/NEWS">; + <p>Fix a heap corruption in base64 decoder on invalid input. + Analysis and patch by Julius Plenz, [FU Berlin, Germany].</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-5468</cvename> + </references> + <dates> + <discovery>2012-10-17</discovery> + <entry>2012-12-03</entry> + </dates> + </vuln> + <vuln vid="5af51ae9-3acd-11e2-a4eb-00262d5ed8ee"> <topic>chromium -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201212032016.qB3KGLiM032857>