Bug 85225

Summary: [maintainer update][security] Update port mail/elm to remove remote exploit
Product: Ports & Packages
Reporter: toasty <toasty>
Component: Individual Port(s)
Assignee: Sergey Matveychuk <sem>
Status: Closed FIXED
Severity: Affects Only Me
CC: toasty
Priority: Normal
Version: Latest
Hardware: Any
OS: Any
Attachments: file.diff (flags: none)

Description toasty 2005-08-22 18:30:25 UTC
Port mail/elm has a remotely exploitable buffer overflow while parsing carefully crafted invalid headers in email messages.
Comment 1 Sergey Matveychuk freebsd_committer freebsd_triage 2005-08-23 17:26:06 UTC
Is this vulnerability documented somewhere?

--
Sem.
Comment 2 toasty 2005-08-23 17:59:47 UTC
On Aug 23, 2005, at 11:26 AM, Sergey Matveychuk wrote:

> Is this vulnerability documented somewhere?
>
> --
> Sem.

http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html

http://www.securityfocus.com/archive/1/408766/30/0/threaded
Comment 3 Sergey Matveychuk freebsd_committer freebsd_triage 2005-08-23 20:45:35 UTC
===>  Deinstalling for mail/elm
===>   Deinstalling elm-2.5.8
pkg_delete: file '/usr/local/man/cat1/answer.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/checkalias.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/elm.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/elmalias.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/fastmail.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/frm.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/listalias.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/messages.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/mmencode.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/newalias.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/newmail.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/printmail.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/readmsg.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/wnewmail.1' doesn't exist
pkg_delete: couldn't entirely delete package (perhaps the packing list is
incorrectly specified?)

--
Sem.
Comment 4 Sergey Matveychuk freebsd_committer freebsd_triage 2005-08-23 20:49:15 UTC
It works fine when I removed the lines from pkg-plist:
@comment This is to fix the catman install during de-install
man/cat1/answer.1
man/cat1/checkalias.1
man/cat1/elm.1
man/cat1/elmalias.1
man/cat1/fastmail.1
man/cat1/frm.1
man/cat1/listalias.1
man/cat1/messages.1
man/cat1/mmencode.1
man/cat1/newalias.1
man/cat1/newmail.1
man/cat1/printmail.1
man/cat1/readmsg.1
man/cat1/wnewmail.1

--
Sem.
Comment 5 Sergey Matveychuk freebsd_committer freebsd_triage 2005-08-23 20:51:03 UTC
Responsible Changed
From-To: freebsd-ports-bugs->sem

Take it
Comment 6 Sergey Matveychuk freebsd_committer freebsd_triage 2005-08-24 18:43:38 UTC
State Changed
From-To: open->analyzed

Analyzed, wait for portmgr approval
Comment 7 Sergey Matveychuk freebsd_committer freebsd_triage 2005-08-24 21:32:20 UTC
State Changed
From-To: analyzed->closed

Committed with modifications, thanks! 
pkg-plist was fixed.