Bug 128298 - Security: mail/libspf2, mail/libspf2-10 buffer overflow
Summary: Security: mail/libspf2, mail/libspf2-10 buffer overflow
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Marcus Alves Grando
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-10-22 18:40 UTC by Jeffrey Goldberg
Modified: 2009-02-02 08:12 UTC (History)
1 user (show)

See Also:

Attachments
libspf2.diff (10.71 KB, patch)
2008-10-24 10:31 UTC, Hajimu UMEMOTO 		no flags Details | Diff
file.dat (131 bytes, text/plain; charset=US-ASCII)
2008-10-24 10:31 UTC, Hajimu UMEMOTO 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jeffrey Goldberg 2008-10-22 18:40:01 UTC 
	According to reports (I have not verified this personally), versions
        of libspf2 prior to 1.2.8 are vulnerable to exploits of a buffer
        overflow due to errors in how SPF records are parsed

          http://www.doxpara.com/?page_id=1256

Fix: 

Upgrade to libspf2 version 1.2.8
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2008-10-22 18:40:10 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->mnag

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Hajimu UMEMOTO freebsd_committer freebsd_triage 2008-10-24 10:31:40 UTC 
Hi,

>>>>> On Wed, 22 Oct 2008 12:21:04 -0500 (CDT)
>>>>> Jeffrey Goldberg <jeffrey@goldmark.org> said:

jeffrey> 	Upgrade to libspf2 version 1.2.8

I mode a patch to upgrade mail/libspf2 to 1.2.8.  The patch is
attached.

Sincerely,
Comment 3 dfilter service freebsd_committer freebsd_triage 2008-10-29 12:49:00 UTC 
mnag        2008-10-29 12:48:50 UTC

  FreeBSD ports repository

  Modified files:
    mail/libspf2         Makefile distinfo pkg-plist 
    mail/libspf2/files   patch-src_libspf2_spf__dns__resolv.c 
                         patch-src_spf__example_spf__example.c 
  Removed files:
    mail/libspf2/files   patch-RFC4408-DOS patch-configure 
                         patch-src__libspf2__spf_interpret.c 
                         patch-src_include_spf__server.h 
                         patch-src_spfquery_spfquery.c 
  Log:
  - Update to 1.2.8
  
  PR:             128298
  Submitted by:   Jeffrey Goldberg <jeffrey___goldmark.org>
  
  Revision  Changes    Path
  1.14      +1 -2      ports/mail/libspf2/Makefile
  1.4       +3 -3      ports/mail/libspf2/distinfo
  1.2       +0 -49     ports/mail/libspf2/files/patch-RFC4408-DOS (dead)
  1.3       +0 -15     ports/mail/libspf2/files/patch-configure (dead)
  1.2       +0 -13     ports/mail/libspf2/files/patch-src__libspf2__spf_interpret.c (dead)
  1.2       +0 -10     ports/mail/libspf2/files/patch-src_include_spf__server.h (dead)
  1.3       +9 -86     ports/mail/libspf2/files/patch-src_libspf2_spf__dns__resolv.c
  1.2       +0 -29     ports/mail/libspf2/files/patch-src_spf__example_spf__example.c
  1.2       +0 -11     ports/mail/libspf2/files/patch-src_spfquery_spfquery.c (dead)
  1.4       +1 -1      ports/mail/libspf2/pkg-plist
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 4 Mark Linimon freebsd_committer freebsd_triage 2009-02-02 08:12:12 UTC 
State Changed
From-To: open->closed

Committed last October.