Date: Mon, 31 Aug 2009 20:56:41 +0200 (CEST) From: Matthias Andree <matthias.andree@gmx.de> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/138415: [MAINTAINER] dns/dnsmasq: SECURITY update to 2.50 Message-ID: <20090831185642.1B3B533E77@rho.emma.line.org> Resent-Message-ID: <200908311900.n7VJ0Dnm049355@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 138415
>Category: ports
>Synopsis: [MAINTAINER] dns/dnsmasq: SECURITY update to 2.50
>Confidential: no
>Severity: critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Mon Aug 31 19:00:13 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Matthias Andree
>Release: FreeBSD 7.2-RELEASE-p2 i386
>Organization:
>Environment:
System: FreeBSD rho.emma.line.org 7.2-RELEASE-p2 FreeBSD 7.2-RELEASE-p2 #0: Wed Jun 24 00:57:44 UTC 2009
>Description:
- Update to 2.50, complete changelog:
Fix security problem which allowed any host permitted to
do TFTP to possibly compromise dnsmasq by remote buffer
overflow when TFTP enabled. Thanks to Core Security
Technologies and Iván Arce, Pablo Hernán Jorge, Alejandro
Pablo Rodriguez, Martín Coco, Alberto Soliño Testa and
Pablo Annetta. This problem has Bugtraq id: 36121
and CVE: 2009-2957
Fix a problem which allowed a malicious TFTP client to
crash dnsmasq. Thanks to Steve Grubb at Red Hat for
spotting this. This problem has Bugtraq id: 36120 and
CVE: 2009-2958
Generated with FreeBSD Port Tools 0.77
>How-To-Repeat:
>Fix:
--- dnsmasq-2.50.patch begins here ---
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/dns/dnsmasq/Makefile,v
retrieving revision 1.55
diff -u -u -r1.55 Makefile
--- Makefile 13 Aug 2009 21:05:45 -0000 1.55
+++ Makefile 31 Aug 2009 18:55:33 -0000
@@ -6,8 +6,7 @@
#
PORTNAME= dnsmasq
-PORTVERSION= 2.49
-PORTREVISION= 2
+PORTVERSION= 2.50
CATEGORIES= dns ipv6
MASTER_SITES= http://www.thekelleys.org.uk/dnsmasq/ \
${MASTER_SITE_GENTOO}
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/dns/dnsmasq/distinfo,v
retrieving revision 1.39
diff -u -u -r1.39 distinfo
--- distinfo 15 Jun 2009 21:07:27 -0000 1.39
+++ distinfo 31 Aug 2009 18:55:33 -0000
@@ -1,3 +1,3 @@
-MD5 (dnsmasq-2.49.tar.gz) = 7ccc861d8a733474f9c0a0a127006ee9
-SHA256 (dnsmasq-2.49.tar.gz) = 41cf32fc496a216d33d75b00fc3bf0386f4cb3b89996a853dc3bb78c09f30b31
-SIZE (dnsmasq-2.49.tar.gz) = 407342
+MD5 (dnsmasq-2.50.tar.gz) = f7b1e17c590e493039537434c57c9de7
+SHA256 (dnsmasq-2.50.tar.gz) = 43cb239cc10803fbc39fe1424b7481e7e1e553476a88c6d691b60da44762a60f
+SIZE (dnsmasq-2.50.tar.gz) = 402668
--- dnsmasq-2.50.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090831185642.1B3B533E77>