* Please close ports/66871, sorry for any inconvenience. Update to new version. There's a security isssue with the old version. Quote from http://security.e-matters.de/advisories/062004.html " A vulnerability within a libneon date parsing function could cause a heap overflow which could lead to remote code execution, depending on the application using libneon." It will be CVE CAN-2004-0398, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0398
Frank Ruell wrote: >>Number: 66874 >>Category: ports >>Synopsis: [patch] update www/neon 0.24.5 -> 0.24.6 [...] > > Update to new version. There's a security isssue with the > old version. > Quote from http://security.e-matters.de/advisories/062004.html > " A vulnerability within a libneon date parsing function could > cause a heap overflow which could lead to remote code > execution, depending on the application using libneon." > > It will be CVE CAN-2004-0398, > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0398 Please add a patch for the security database or CC: the Security Officer Team when submitting security related issues, see <http://www.freebsd.org/security/#how> -Oliver
Responsible Changed From-To: freebsd-ports-bugs->lev Over to maintainer
Hi Oliver, thanks for the suggestion, will use CC: next time. Wanted to wait with mailing security@ until I know if devel/tla is also affected. cheers, Frank
State Changed From-To: open->closed Committed, Thanks!