From owner-svn-ports-head@FreeBSD.ORG Mon Dec 3 20:16:22 2012 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8E6DD4FE; Mon, 3 Dec 2012 20:16:22 +0000 (UTC) (envelope-from mandree@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 685D68FC13; Mon, 3 Dec 2012 20:16:22 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id qB3KGMxf032862; Mon, 3 Dec 2012 20:16:22 GMT (envelope-from mandree@svn.freebsd.org) Received: (from mandree@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id qB3KGLiM032857; Mon, 3 Dec 2012 20:16:21 GMT (envelope-from mandree@svn.freebsd.org) Message-Id: <201212032016.qB3KGLiM032857@svn.freebsd.org> From: Matthias Andree Date: Mon, 3 Dec 2012 20:16:21 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r308171 - in head: mail/bogofilter mail/bogofilter-sqlite mail/bogofilter-tc security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Dec 2012 20:16:22 -0000 Author: mandree Date: Mon Dec 3 20:16:21 2012 New Revision: 308171 URL: http://svnweb.freebsd.org/changeset/ports/308171 Log: Update bogofilter to new upstream release 1.2.3. Security update to fix a heap corruption bug with invalid base64 input, reported and fixed by Julius Plenz, FU Berlin, Germany. Feature safe: yes Security: CVE-2012-5468 Security: f524d8e0-3d83-11e2-807a-080027ef73ec Modified: head/mail/bogofilter-sqlite/Makefile (contents, props changed) head/mail/bogofilter-tc/Makefile (contents, props changed) head/mail/bogofilter/Makefile (contents, props changed) head/mail/bogofilter/distinfo (contents, props changed) head/security/vuxml/vuln.xml Modified: head/mail/bogofilter-sqlite/Makefile ============================================================================== --- head/mail/bogofilter-sqlite/Makefile Mon Dec 3 20:12:49 2012 (r308170) +++ head/mail/bogofilter-sqlite/Makefile Mon Dec 3 20:16:21 2012 (r308171) @@ -6,7 +6,7 @@ # PORTNAME= bogofilter -PORTREVISION= 2 +PORTREVISION= 0 CATEGORIES= mail PKGNAMESUFFIX= -sqlite Modified: head/mail/bogofilter-tc/Makefile ============================================================================== --- head/mail/bogofilter-tc/Makefile Mon Dec 3 20:12:49 2012 (r308170) +++ head/mail/bogofilter-tc/Makefile Mon Dec 3 20:16:21 2012 (r308171) @@ -6,7 +6,7 @@ # PORTNAME= bogofilter -PORTREVISION= 2 +PORTREVISION= 0 CATEGORIES= mail PKGNAMESUFFIX= -tc Modified: head/mail/bogofilter/Makefile ============================================================================== --- head/mail/bogofilter/Makefile Mon Dec 3 20:12:49 2012 (r308170) +++ head/mail/bogofilter/Makefile Mon Dec 3 20:16:21 2012 (r308171) @@ -6,8 +6,8 @@ # PORTNAME= bogofilter -PORTVERSION= 1.2.2 -PORTREVISION?= 3 +PORTVERSION= 1.2.3 +PORTREVISION?= 0 CATEGORIES?= mail MASTER_SITES= SF/bogofilter/bogofilter-current/bogofilter-${PORTVERSION} Modified: head/mail/bogofilter/distinfo ============================================================================== --- head/mail/bogofilter/distinfo Mon Dec 3 20:12:49 2012 (r308170) +++ head/mail/bogofilter/distinfo Mon Dec 3 20:16:21 2012 (r308171) @@ -1,2 +1,2 @@ -SHA256 (bogofilter-1.2.2.tar.bz2) = d8cfd1e68375ac8131de8a6998a38ee5b3f7d1151e71efd2b436183545216039 -SIZE (bogofilter-1.2.2.tar.bz2) = 867043 +SHA256 (bogofilter-1.2.3.tar.bz2) = 8ed85fc5ff03d9b07986ee2ce33e1149e30abe2ad8bae1d0c94503ccd2c92e76 +SIZE (bogofilter-1.2.3.tar.bz2) = 868902 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Mon Dec 3 20:12:49 2012 (r308170) +++ head/security/vuxml/vuln.xml Mon Dec 3 20:16:21 2012 (r308171) @@ -51,6 +51,31 @@ Note: Please add new entries to the beg --> + + bogofilter -- heap corruption by invalid base64 input + + bogofilter 1.2.3 + bogofilter-sqlite 1.2.3 + bogofilter-tc 1.2.3 + + + +

David Relson reports:

+
+

Fix a heap corruption in base64 decoder on invalid input. + Analysis and patch by Julius Plenz, [FU Berlin, Germany].

+
+ +
+ + CVE-2012-5468 + + + 2012-10-17 + 2012-12-03 + +
+ chromium -- multiple vulnerabilities