85225 – [maintainer update][security] Update port mail/elm to remove remote exploit

Bug 85225 - [maintainer update][security] Update port mail/elm to remove remote exploit

Summary: [maintainer update][security] Update port mail/elm to remove remote exploit

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	Sergey Matveychuk

URL:
Keywords:

Depends on:
Blocks:

Reported:	2005-08-22 18:30 UTC by toasty
Modified:	2005-08-24 21:32 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
file.diff (1.65 KB, patch) 2005-08-22 18:30 UTC, toasty	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description toasty 2005-08-22 18:30:25 UTC

Port mail/elm has a remotely exploitable buffer overflow while parsing carefully crafted invalid headers in email messages.

Comment 1 Sergey Matveychuk freebsd_committer

2005-08-23 17:26:06 UTC

Is somewhere documented this vulnerability?

--
Sem.

Comment 2 toasty 2005-08-23 17:59:47 UTC

On Aug 23, 2005, at 11:26 AM, Sergey Matveychuk wrote:


> Is somewhere documented this vulnerability?
>
> --
> Sem.
>
>


http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html

http://www.securityfocus.com/archive/1/408766/30/0/threaded

Comment 3 Sergey Matveychuk freebsd_committer

2005-08-23 20:45:35 UTC

===>  Deinstalling for mail/elm
===>   Deinstalling elm-2.5.8
pkg_delete: file '/usr/local/man/cat1/answer.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/checkalias.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/elm.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/elmalias.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/fastmail.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/frm.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/listalias.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/messages.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/mmencode.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/newalias.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/newmail.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/printmail.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/readmsg.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/wnewmail.1' doesn't exist
pkg_delete: couldn't entirely delete package (perhaps the packing list is
incorrectly specified?)

--
Sem.

Comment 4 Sergey Matveychuk freebsd_committer

2005-08-23 20:49:15 UTC

It works fine when I removed the lines from pkg-plist:
@comment This is to fix the catman install during de-install
man/cat1/answer.1
man/cat1/checkalias.1
man/cat1/elm.1
man/cat1/elmalias.1
man/cat1/fastmail.1
man/cat1/frm.1
man/cat1/listalias.1
man/cat1/messages.1
man/cat1/mmencode.1
man/cat1/newalias.1
man/cat1/newmail.1
man/cat1/printmail.1
man/cat1/readmsg.1
man/cat1/wnewmail.1

--
Sem.

Comment 5 Sergey Matveychuk freebsd_committer

2005-08-23 20:51:03 UTC

Responsible Changed
From-To: freebsd-ports-bugs->sem

Take it

Comment 6 Sergey Matveychuk freebsd_committer

2005-08-24 18:43:38 UTC

State Changed
From-To: open->analyzed

Analyzed, wait for portmgr approval

Comment 7 Sergey Matveychuk freebsd_committer

2005-08-24 21:32:20 UTC

State Changed
From-To: analyzed->closed

Committed with modifications, thanks! 
pkg-plist was fixed.