Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 27 Aug 2011 14:05:24 -0700
From:      Doug Barton <dougb@FreeBSD.org>
To:        urb@twe.net
Cc:        mnag@FreeBSD.org, freebsd-ports@freebsd.org
Subject:   Re: mail/postfix-policyd-spf relies on vulnerable mail/libspf2-10
Message-ID:  <4E595C14.9030503@FreeBSD.org>
In-Reply-To: <4E59324E.5070602@twe.net>
References:  <4E57FBC1.1020009@FreeBSD.org> <4E580082.1030202@FreeBSD.org> <4E59324E.5070602@twe.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 08/27/2011 11:07, Uffe R. B. Andersen wrote:
> Den 26-08-2011 22:22, Doug Barton skrev:
>> Howdy,
> 
>> Doing some port updates and noticed that mail/postfix-policyd-spf
>> relies on mail/libspf2-10, which according to 
>> http://portaudit.FreeBSD.org/2ddbfd29-a455-11dd-a55e-00163e000016.html
> 
> 
> is vulnerable. There is a port of mail/libspf2 which is not vulnerable,
>> is it possible to update mail/postfix-policyd-spf to rely on it
>> instead?
> 
> libspf2 port is currently libspf2-1.2.9_1 and according to the page
> you refer to, the vulnerability affects libspf2 <1.2.8.

Yes, that was my point. :)  mail/libspf2-10 and mail/libspf2 are
different ports. mail/postfix-policyd-spf currently relies on the
former, it needs to be fixed to work with the latter instead.


Doug

- -- 

	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)  http://SupersetSolutions.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (FreeBSD)

iQEcBAEBCAAGBQJOWVwUAAoJEFzGhvEaGryEQRUH/172rPtxYdWnCOotkqPZvYr3
3qRFYd6EqQWklnAZ50WB7TwyrIqHaIv9GdU3GR6wh0Hll+CbdUIqqghn4VkjPKZ1
0pIwD6kqkZmunNzXlfWB9MTscZGFrkSzDfhg69I8pZ5mbtCu3NPi00GSm2rTd+/h
IP2LeOz8NkkwVmxpP1ysX36W7E61pP56f4pyv3JUZQ09ZZbM3ipeabOxFEc8E3CL
Qf6kNHrJa2ZhNkaaJluQIBhbjXylJ98LGnqBHnhOi0CmIqsGDn64/ujqX+1cZfsb
AScG3n0KNMOJCEa9Q3yW3FGlCVcoTNm3tl/HZVSQHvSSCyRakisJcZlK5KMY9fs=
=Qms2
-----END PGP SIGNATURE-----

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E595C14.9030503>