68461 – [patch] port www/sitecopy use vulnerable libneon (bundled)

Bug 68461 - [patch] port www/sitecopy use vulnerable libneon (bundled)

Summary: [patch] port www/sitecopy use vulnerable libneon (bundled)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	Jimmy Olgeni

URL:
Keywords:

Depends on:
Blocks:

Reported:	2004-06-29 01:00 UTC by Thomas L. Kjeldsen
Modified:	2004-06-29 07:46 UTC (History)
CC List:	0 users

See Also:

Attachments
file.diff (575 bytes, patch) 2004-06-29 01:00 UTC, Thomas L. Kjeldsen	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas L. Kjeldsen 2004-06-29 01:00:49 UTC

According to http://www.openpkg.org/security/OpenPKG-SA-2004.024-neon.html sitecopy upstream is delivered with vulnerable libneon.

Quoting from http://bugs.gentoo.org/show_bug.cgi?id=51585 "The author of that package has indicated he has no immediate plans to release a new version of his program that contains the fixes for the security vulnerability."

Fix: Kurt V. Hindenburg provided a gentoo ebuild patch to make sitecopy use libneon as a shared library instead of the bundled which is vulnerable. Here is a unified diff to make the freebsd port do the same:

Comment 1 Mark Linimon freebsd_committer

2004-06-29 06:59:43 UTC

Responsible Changed
From-To: freebsd-ports-bugs->olgeni

Over to maintainer.

Comment 2 Jimmy Olgeni freebsd_committer

2004-06-29 07:45:48 UTC

State Changed
From-To: open->closed

Committed, thanks!