Bug 49988 - update to qpopper port
Summary: update to qpopper port
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Mario Sergio Fujikawa Ferreira
Depends on:
Reported: 2003-03-13 15:10 UTC by mike
Modified: 2003-03-15 02:01 UTC (History)
0 users

See Also:

file.diff (383 bytes, patch)
2003-03-13 15:10 UTC, mike
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description mike 2003-03-13 15:10:11 UTC
	A security hole exists in qpopper 4.0.4 and before that allows a user with a valid account
	on the server to gain shell access

Fix: An update to 4.0.5 fixes the problem.  The diffs below seem to work just fine
--- Makefile.prev
+++ Makefile
@@ -6,7 +6,7 @@
 PORTNAME=      qpopper
 CATEGORIES=    mail ipv6
 MASTER_SITES=  ftp://ftp.qualcomm.com/eudora/servers/unix/popper/%SUBDIR%/
@@ -17,7 +17,7 @@
 .if ${OSVERSION} >= 400014 && !defined(WITHOUT_IPV6)
 PATCH_SITES=   http://www.imasy.or.jp/~ume/ipv6/
-PATCHFILES=    qpopper4.0.4-ipv6-20020502.diff.gz
+PATCHFILES=    qpopper4.0.5-ipv6-20030313.diff.gz
Comment 1 Norikatsu Shigemura freebsd_committer 2003-03-13 15:20:24 UTC
Responsible Changed
From-To: freebsd-ports-bugs->lioux

Over to maintainer.
Comment 2 Mario Sergio Fujikawa Ferreira freebsd_committer 2003-03-15 02:01:46 UTC
State Changed
From-To: open->closed

Duplicate of PR 49993. Thanks!