Bug 66874 - [patch] update www/neon 0.24.5 -> 0.24.6
Summary: [patch] update www/neon 0.24.5 -> 0.24.6
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Lev A. Serebryakov
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-05-19 12:50 UTC by Frank Ruell
Modified: 2004-05-22 18:16 UTC (History)
1 user (show)

See Also:


Attachments
neon-0.24.6.patch (618 bytes, patch)
2004-05-19 12:50 UTC, Frank Ruell
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Frank Ruell 2004-05-19 12:50:18 UTC
	* Please close ports/66871, sorry for any inconvenience.

	Update to new version. There's a security isssue with the
	old version.
	Quote from http://security.e-matters.de/advisories/062004.html
	" A vulnerability within a libneon date parsing function could
	cause a heap overflow which could lead to remote code
	execution, depending on the application using libneon."

	It will be CVE CAN-2004-0398,
	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0398
Comment 1 Oliver Eikemeier 2004-05-19 13:39:50 UTC
Frank Ruell wrote:

>>Number:         66874
>>Category:       ports
>>Synopsis:       [patch] update www/neon 0.24.5 -> 0.24.6
[...]
> 
> 	Update to new version. There's a security isssue with the
> 	old version.
> 	Quote from http://security.e-matters.de/advisories/062004.html
> 	" A vulnerability within a libneon date parsing function could
> 	cause a heap overflow which could lead to remote code
> 	execution, depending on the application using libneon."
> 
> 	It will be CVE CAN-2004-0398,
> 	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0398

Please add a patch for the security database or CC: the Security Officer Team
when submitting security related issues, see
  <http://www.freebsd.org/security/#how>

-Oliver
Comment 2 Oliver Eikemeier freebsd_committer 2004-05-19 13:40:25 UTC
Responsible Changed
From-To: freebsd-ports-bugs->lev

Over to maintainer
Comment 3 Frank Ruell 2004-05-19 15:16:24 UTC
Hi Oliver,

thanks for the suggestion, will use CC: next time. Wanted to wait with
mailing security@ until I know if devel/tla is also affected.


cheers,
Frank
Comment 4 Lev A. Serebryakov freebsd_committer 2004-05-22 18:15:45 UTC
State Changed
From-To: open->closed


Committed, Thanks!