Bug 70874 - Security update port: mail/ripmime from 1.3.2.2 to 1.3.2.3
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: freebsd-ports-bugs (Nobody)
 
Reported: 2004-08-23 17:40 UTC by Esa Karkkainen
Modified: 2004-08-27 11:36 UTC (History)
Attachments
file.diff (690 bytes, patch)
2004-08-23 17:40 UTC, Esa Karkkainen

Description Esa Karkkainen 2004-08-23 17:40:23 UTC
Security update to mail/ripmime. Version 1.3.2.3 supposedly has a fix for
"ripMIME attachment extraction bypass". More information can be found at

http://www.freebsd.org/ports/portaudit/85e19dff-e606-11d8-9b0a-000347a4fa7d.html

The information I read at the above-mentioned URL is also the reason why I submitted
this PR. The above-mentioned URL contains a reference to
"ports/security/vuxml/vuln.xml". I did not find any reference to
"ripMIME attachment extraction bypass" when I searched the "vuln.xml".

How-To-Repeat:
# portaudit -Fa
# cd /usr/ports/mail/ripmime && make all
Comment 1 Volker Stolz freebsd_committer freebsd_triage 2004-08-27 10:54:31 UTC
Dear maintainer, please review the proposed patch.

Volker
Comment 2 Volker Stolz freebsd_committer freebsd_triage 2004-08-27 10:54:59 UTC
State Changed
From-To: open->feedback

Forwarded PR to maintainer
Comment 3 Justin Stanford 2004-08-27 11:21:37 UTC
Go ahead!

Regards,
Justin

-----------------------------------------------------------------
| Justin Stanford                 4D Digital Security (Pty) Ltd |
| Infosec Consultant                        Tel: +27 21 6879185 |
| PGP: www.4dds.co.za/justin-pgp.txt       Cell: +27 82 7402741 |
-----------------------------------------------------------------

On Fri, 27 Aug 2004, Volker Stolz wrote:

> Dear maintainer, please review the proposed patch.
>
> Volker
>
Comment 4 Volker Stolz freebsd_committer freebsd_triage 2004-08-27 11:36:23 UTC
State Changed
From-To: feedback->closed

Committed, thanks! 
Indeed, the vulnerability is only in portaudit's db, not VuXML's.