Bug 76852 - [PATCH] textproc/unrtf: fix vulnerability
Summary: [PATCH] textproc/unrtf: fix vulnerability
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-ports-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-01-30 12:50 UTC by Stefan Walter
Modified: 2005-02-11 13:39 UTC (History)
1 user (show)

See Also:


Attachments
unrtf-0.19.3_1.patch (1.31 KB, patch)
2005-01-30 12:50 UTC, Stefan Walter
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Walter 2005-01-30 12:50:26 UTC
- Attempt to fix the exploitable security issue described at
  http://www.vuxml.org/freebsd/f2d5e56e-67eb-11d9-a9e7-0001020eed82.html by
  replacing strcat() with strncat(). Please note that I wasn't able to
  reproduce the exploit described at
  http://tigger.uic.edu/~jlongs2/holes/unrtf.txt on my 5.3-STABLE system.
  Feedback of someone who can reproduce the exploit with an unpatched unrtf
  would be appreciated.
- Bump PORTREVISION.
- Remove old master site that doesn't seem to have the distfile any more.

Security Team cc'd.

Added file(s):
- files/patch-convert.c

Generated with FreeBSD Port Tools 0.63
Comment 1 Alexey Dokuchaev freebsd_committer 2005-02-11 13:38:53 UTC
State Changed
From-To: open->closed

Fix committed, thanks!