From: Jeffrey Goldberg
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: security-officer@FreeBSD.org
Date: Wed, 22 Oct 2008 12:21:04 -0500 (CDT)
Subject: ports/128298: Security: mail/libspf2, mail/libspf2-10 buffer overflow
List-Id: Ports bug reports

>Number: 128298
>Category: ports
>Synopsis: Security: mail/libspf2, mail/libspf2-10 buffer overflow
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Oct 22 17:40:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Jeffrey Goldberg
>Release: FreeBSD 7.1-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD dobby.ewd.goldmark.org 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #20: Thu Sep 4 17:09:34 CDT 2008 root@dobby.ewd.goldmark.org:/usr/obj/usr/src/sys/DOBBY i386
>Description:
According to reports (I have not verified this personally), versions of libspf2 prior to 1.2.8 are vulnerable to exploits of a buffer overflow due to errors in how SPF records are parsed.

http://www.doxpara.com/?page_id=1256
>How-To-Repeat:
>Fix:
Upgrade to libspf2 version 1.2.8
>Release-Note:
>Audit-Trail:
>Unformatted: