http://www.openwall.com/lists/oss-security/2015/09/30/7 Also: http://james.apache.org/download.cgi#Apache_James_Server Apache James 2.3.2.1 is the stable version This release has many enhancements and bug fixes over the previous release. See the Release Notes for a detailed list of changes. Some of the earlier defects could turn a James mail server into an Open Relay and allow files to be written on disk. All users of James Server are urged to upgrade to version v2.3.2.1 as soon as possible.
Take, I'll work on this one.
A commit references this bug: Author: junovitch Date: Thu Oct 1 03:14:15 UTC 2015 New revision: 398246 URL: https://svnweb.freebsd.org/changeset/ports/398246 Log: Document security advisory for the Apache James server PR: 203461 Security: be3069c9-67e7-11e5-9909-002590263bf5 Changes: head/security/vuxml/vuln.xml
A commit references this bug: Author: junovitch Date: Sun Oct 4 21:26:11 UTC 2015 New revision: 398623 URL: https://svnweb.freebsd.org/changeset/ports/398623 Log: mail/james: security update 2.3.1 -> 2.3.2.1; while here fix all the things - Add LICENSE and LICENSE_FILE - Add NO_ARCH - Fix PID_FILE using an undefined variable (resulting PID was /var/run/.pid) - Fix .include lines post staging support - Actually use the version number from PLIST_SUB in pkg-plist - Overhaul rc script - Add PROVIDE/REQUIRE/KEYWORD to header - Remove "geronimo" references from when the port was originally copied - Remove %%JAMES_VERSION%% in rc variable names. Every port version bump in the past came with a POLA issue as james231_enable=YES would now have to be james2321_enable=YES. Provide a shim to translate the old variable names and provide a warning to update rc.conf syntax. - Match start routine to embedded start-up script (which enables stop command to work without a java.lang.IllegalThreadStateException) - Add working status routine - Standardize indentation PR: 203461 Security: CVE-2015-7611 Security: be3069c9-67e7-11e5-9909-002590263bf5 MFH: 2015Q4 Changes: head/mail/james/Makefile head/mail/james/distinfo head/mail/james/files/james.in head/mail/james/pkg-plist
A commit references this bug: Author: junovitch Date: Sun Oct 4 21:27:57 UTC 2015 New revision: 398624 URL: https://svnweb.freebsd.org/changeset/ports/398624 Log: Add CVE reference to Apache James entry PR: 203461 Security: CVE-2015-7611 Security: be3069c9-67e7-11e5-9909-002590263bf5 Changes: head/security/vuxml/vuln.xml
A commit references this bug: Author: junovitch Date: Mon Oct 5 10:47:48 UTC 2015 New revision: 398638 URL: https://svnweb.freebsd.org/changeset/ports/398638 Log: MFH: r398623 mail/james: security update 2.3.1 -> 2.3.2.1; while here fix all the things - Add LICENSE and LICENSE_FILE - Add NO_ARCH - Fix PID_FILE using an undefined variable (resulting PID was /var/run/.pid) - Fix .include lines post staging support - Actually use the version number from PLIST_SUB in pkg-plist - Overhaul rc script - Add PROVIDE/REQUIRE/KEYWORD to header - Remove "geronimo" references from when the port was originally copied - Remove %%JAMES_VERSION%% in rc variable names. Every port version bump in the past came with a POLA issue as james231_enable=YES would now have to be james2321_enable=YES. Provide a shim to translate the old variable names and provide a warning to update rc.conf syntax. - Match start routine to embedded start-up script (which enables stop command to work without a java.lang.IllegalThreadStateException) - Add working status routine - Standardize indentation PR: 203461 Security: CVE-2015-7611 Security: be3069c9-67e7-11e5-9909-002590263bf5 Approved by: portmgr (erwin) Changes: _U branches/2015Q4/ branches/2015Q4/mail/james/Makefile branches/2015Q4/mail/james/distinfo branches/2015Q4/mail/james/files/james.in branches/2015Q4/mail/james/pkg-plist
Closing. ports/head, ports/branches/2015Q4, and VuXML have all been completed.