Date: Sun, 28 Aug 2011 00:36:23 +0200 From: "Uffe R. B. Andersen" <urb@twe.net> To: freebsd-ports@freebsd.org Subject: Re: mail/postfix-policyd-spf relies on vulnerable mail/libspf2-10 Message-ID: <4E597167.8030403@twe.net> In-Reply-To: <4E595C14.9030503@FreeBSD.org> References: <4E57FBC1.1020009@FreeBSD.org> <4E580082.1030202@FreeBSD.org> <4E59324E.5070602@twe.net> <4E595C14.9030503@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Den 27-08-2011 23:05, Doug Barton skrev: >> libspf2 port is currently libspf2-1.2.9_1 and according to the >> page you refer to, the vulnerability affects libspf2 <1.2.8. > > Yes, that was my point. :) mail/libspf2-10 and mail/libspf2 are > different ports. mail/postfix-policyd-spf currently relies on the > former, it needs to be fixed to work with the latter instead. Sorry for missing that point, but as mail/libspf2-10 and mail/libspf2 are different ports, why should vulnerabilities listed for only one of them apply for both? [root@localhost libspf2-10]# portaudit libspf2-10 0 problem(s) found. [root@localhost libspf2-10]# portaudit libspf2 Affected package: libspf2 Type of problem: libspf2 -- Buffer overflow. Reference: http://portaudit.FreeBSD.org/2ddbfd29-a455-11dd-a55e-00163e000016.html 1 problem(s) found. According to portaudit, libspf2-10 has no known problems. Apart from that, I use the postfix-policyd-spf-perl instead and the associated perl module apparently use libspf2. - -- Med venlig hilsen - Sincerely Uffe R. B. Andersen - mailto:urb@twe.net http://blog.andersen.nu/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (MingW32) iEYEARECAAYFAk5ZcWcACgkQxC95nUQcrpjiSgCg8aWp2ZLXe8badoDO7Q5rFkuz JHYAoPF5s5So156WHx9++90jAN+V6zZA =cLxk -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E597167.8030403>