Bug 73144 - [MAINTAINER] mail/bogofilter: SECURITY update to 0.92.8
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: freebsd-ports-bugs (Nobody)
Reported: 2004-10-26 03:10 UTC by Matthias Andree
Modified: 2004-10-26 06:04 UTC

Attachments
bogofilter-0.92.8.patch (1.17 KB, patch)
2004-10-26 03:10 UTC, Matthias Andree

Description Matthias Andree 2004-10-26 03:10:29 UTC
- Update to 0.92.8

This update fixes among many other tiny bugs one security bug that allows a
remote attacker to cause a denial of service in bogofilter, by crashing it;
a malformatted (non-conformant) RFC-2047 encoded word triggers an attempt to
write a terminating NUL byte past the end of a buffer or (more commonly) into
the zero-page, which causes a segfault.

Depending on the exact MTA/MDA configuration on the receiving machine, this can
cause a denial of service of the mail system.

Please consider committing this on the RELENG_5_3 branch of the ports tree, too.

The original problem was reported against Debian Linux's package by
Antti-Juhani Kaijanaho, see http://bugs.debian.org/275373, and forwarded by
Clint Adams.

A vuxml.xml entry will be sent in a separate mail so it can contain this PR's
serial number.

Generated with FreeBSD Port Tools 0.63
Comment 1 Kirill Ponomarev freebsd_committer freebsd_triage 2004-10-26 06:04:10 UTC
State Changed
From-To: open->closed

Committed, thanks!