From owner-freebsd-ports Wed Nov 13 3:40: 3 2002
Date: Wed, 13 Nov 2002 11:37:37 +0000
From: Phil Pennock
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: ports/45266: p5-Mail-Tools security hole; update needed
Sender: owner-freebsd-ports@FreeBSD.ORG

>Number: 45266
>Category: ports
>Synopsis: p5-Mail-Tools security hole; update needed
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed Nov 13 03:40:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Phil Pennock
>Release: FreeBSD 4.7-RELEASE-p1 i386
>Organization: THUS Plc
>Environment: Any with Perl and Ports:mail/p5-Mail-Tools installs
>Description:
- Removed the possibility to use 'mailx', which was the default:
  removal from the detection routines and Mail/Mailer/mail.pm.
  Strongly suggested by [Sebastian Krahmer]

mailx can be made to take commands from the mail content, so in some
circumstances anyone who can send you email that goes through this module
can run arbitrary commands on your machine; allegedly SpamAssassin is open
to this.
>How-To-Repeat: "use Mail::Mailer" without forcing use of non-default implementation method
>Fix: Update port to latest version (1.51); see URL in pkg-descr.
>Release-Note:
>Audit-Trail:
>Unformatted:
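
Added example, not part of the original report or of MailTools: a Python check that scans Perl source for Mail::Mailer constructor calls that do not force a delivery method, the condition named under How-To-Repeat. The sample Perl lines and the MAILER_TYPE variable are constructed, and the regex is a line-based heuristic, not a Perl parser.

```python
import re

# Constructor calls in Perl source: Mail::Mailer->new(...), Mail::Mailer->new;
# and the indirect-object form "new Mail::Mailer ...". Group 1 = first argument.
CALL = re.compile(
    r"(?:Mail::Mailer\s*->\s*new\b|\bnew\s+Mail::Mailer\b(?!::))\s*\(?\s*([^,;)\s]*)"
)
# 'mail' is the type backed by Mail/Mailer/mail.pm, the file named in the report.
RISKY_TYPES = {"mail"}

# Constructed sample input; MAILER_TYPE is a hypothetical variable name.
SAMPLE = """\
use Mail::Mailer;
my $a = Mail::Mailer->new;                 # no type given
my $b = Mail::Mailer->new('sendmail');
my $c = new Mail::Mailer 'smtp', Server => 'mail.example.org';
my $d = Mail::Mailer->new("mail");
my $e = Mail::Mailer->new($ENV{MAILER_TYPE});
"""


def classify(first_arg):
    """Return a finding label for the first constructor argument."""
    if not first_arg:
        return "default"          # the module chooses the mailer itself
    if first_arg[0] in "'\"":
        name = first_arg.strip("'\"")
        return "risky-type" if name in RISKY_TYPES else "forced"
    return "dynamic"              # variable or expression: review by hand


def scan(perl_source):
    """Return a list of (line_number, label, line) per constructor call."""
    findings = []
    for lineno, line in enumerate(perl_source.splitlines(), 1):
        code = line.split("#", 1)[0]      # crude removal of trailing comments
        for m in CALL.finditer(code):
            findings.append((lineno, classify(m.group(1)), line.strip()))
    return findings


if __name__ == "__main__":
    for lineno, label, text in scan(SAMPLE):
        print(f"{lineno}: {label:10} {text}")
```

Lines labelled "default" or "risky-type" are the ones to change to an explicitly forced type; "dynamic" lines need the value's source traced by hand.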