Bug 85225 - [maintainer update][security] Update port mail/elm to remove remote exploit
Summary: [maintainer update][security] Update port mail/elm to remove remote exploit
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Sergey Matveychuk
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-08-22 18:30 UTC by toasty
Modified: 2005-08-24 21:32 UTC (History)
1 user (show)

See Also:


Attachments
file.diff (1.65 KB, patch)
2005-08-22 18:30 UTC, toasty
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description toasty 2005-08-22 18:30:25 UTC
Port mail/elm has a remotely exploitable buffer overflow while parsing carefully crafted invalid headers in email messages.
Comment 1 Sergey Matveychuk freebsd_committer 2005-08-23 17:26:06 UTC
Is somewhere documented this vulnerability?

--
Sem.
Comment 2 toasty 2005-08-23 17:59:47 UTC
On Aug 23, 2005, at 11:26 AM, Sergey Matveychuk wrote:


> Is somewhere documented this vulnerability?
>
> --
> Sem.
>
>


http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html

http://www.securityfocus.com/archive/1/408766/30/0/threaded
Comment 3 Sergey Matveychuk freebsd_committer 2005-08-23 20:45:35 UTC
===>  Deinstalling for mail/elm
===>   Deinstalling elm-2.5.8
pkg_delete: file '/usr/local/man/cat1/answer.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/checkalias.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/elm.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/elmalias.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/fastmail.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/frm.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/listalias.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/messages.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/mmencode.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/newalias.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/newmail.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/printmail.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/readmsg.1' doesn't exist
pkg_delete: file '/usr/local/man/cat1/wnewmail.1' doesn't exist
pkg_delete: couldn't entirely delete package (perhaps the packing list is
incorrectly specified?)

--
Sem.
Comment 4 Sergey Matveychuk freebsd_committer 2005-08-23 20:49:15 UTC
It works fine when I removed the lines from pkg-plist:
@comment This is to fix the catman install during de-install
man/cat1/answer.1
man/cat1/checkalias.1
man/cat1/elm.1
man/cat1/elmalias.1
man/cat1/fastmail.1
man/cat1/frm.1
man/cat1/listalias.1
man/cat1/messages.1
man/cat1/mmencode.1
man/cat1/newalias.1
man/cat1/newmail.1
man/cat1/printmail.1
man/cat1/readmsg.1
man/cat1/wnewmail.1

--
Sem.
Comment 5 Sergey Matveychuk freebsd_committer 2005-08-23 20:51:03 UTC
Responsible Changed
From-To: freebsd-ports-bugs->sem

Take it
Comment 6 Sergey Matveychuk freebsd_committer 2005-08-24 18:43:38 UTC
State Changed
From-To: open->analyzed

Analyzed, wait for portmgr approval
Comment 7 Sergey Matveychuk freebsd_committer 2005-08-24 21:32:20 UTC
State Changed
From-To: analyzed->closed

Committed with modifications, thanks! 
pkg-plist was fixed.