Date: Thu, 30 May 2002 00:30:40 +0100 (BST) From: Dominic Marks <dominic_marks@btinternet.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/38716: SECURITY UPDATE: security/fragroute Message-ID: <20020529233040.02D6637E@host217-39-111-112.in-addr.btopenworld.com>
next in thread | raw e-mail | index | archive | help
>Number: 38716 >Category: ports >Synopsis: SECURITY UPDATE: security/fragroute >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Wed May 29 16:40:02 PDT 2002 >Closed-Date: >Last-Modified: >Originator: Dominic Marks >Release: FreeBSD 4.6-RC i386 >Organization: Student >Environment: System: FreeBSD 4.6-RC i386 >Description: The previous checksum for the tarball should be changed, monkey.org was cracked and the fragroute application backdoored (in the same was as irssi). To avoid wrongly identifying the current (corrected) tarball as incorrect this patch is required. I have communicated to the author (Dug Song) myself and confirmed the md5 in this diff is valid. I have also bumped the PORTREVISION. Anyone who installed this port should conduct an IMMEDIATE security audit of their systems. I imagine this includes the port build cluster. >How-To-Repeat: NA. >Fix: Index: Makefile =================================================================== RCS file: /home/ncvs/ports/security/fragroute/Makefile,v retrieving revision 1.1 diff -u -r1.1 Makefile --- Makefile 2002/05/27 01:53:33 1.1 +++ Makefile 2002/05/29 23:28:12 @@ -7,6 +7,7 @@ PORTNAME= fragroute PORTVERSION= 1.2 +PORTREVISION= 1 CATEGORIES= security net MASTER_SITES= http://www.monkey.org/~dugsong/fragroute/ Index: distinfo =================================================================== RCS file: /home/ncvs/ports/security/fragroute/distinfo,v retrieving revision 1.1 diff -u -r1.1 distinfo --- distinfo 2002/05/27 01:53:33 1.1 +++ distinfo 2002/05/29 23:28:12 @@ -1 +1 @@ -MD5 (fragroute-1.2.tar.gz) = 65edbfc51f8070517f14ceeb8f721075 +MD5 (fragroute-1.2.tar.gz) = 7e4de763fae35a50e871bdcd1ac8e23a >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020529233040.02D6637E>