Bug 73144 - [MAINTAINER] mail/bogofilter: SECURITY update to 0.92.8
Summary: [MAINTAINER] mail/bogofilter: SECURITY update to 0.92.8
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-ports-bugs (Nobody)
Depends on:
Reported: 2004-10-26 03:10 UTC by Matthias Andree
Modified: 2004-10-26 06:04 UTC (History)
1 user (show)

See Also:

bogofilter-0.92.8.patch (1.17 KB, patch)
2004-10-26 03:10 UTC, Matthias Andree
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Andree 2004-10-26 03:10:29 UTC
- Update to 0.92.8

This update fixes among many other tiny bugs one security bug that allows a
remote attacker to cause a denial of service in bogofilter, by crashing it;
a malformatted (non-conformant) RFC-2047 encoded word triggers an attempt to
write a terminating NUL byte past the end of a buffer or (more commonly) into
the zero-page, which causes a segfault.

Depending on the exact MTA/MDA configuration on the receiving machine, this can
cause a denial of service of the mail system.

Please consider committing this on the RELENG_5_3 branch of the ports tree, too.

The original problem was reported against Debian Linux's package by
Antti-Juhani Kaijanaho, see http://bugs.debian.org/275373, and forwarded by
Clint Adams.

A vuxml.xml entry will be sent in a separate mail so it can contain this PR's
serial number.

Generated with FreeBSD Port Tools 0.63
Comment 1 Kirill Ponomarev freebsd_committer freebsd_triage 2004-10-26 06:04:10 UTC
State Changed
From-To: open->closed

Committed, thanks!