ports/66874: [patch] update www/neon 0.24.5 -> 0.24.6
Frank Ruell
stoerte at dreamwarrior.net
Wed May 19 11:50:41 UTC 2004
>Number: 66874
>Category: ports
>Synopsis: [patch] update www/neon 0.24.5 -> 0.24.6
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed May 19 04:50:18 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator: Frank Ruell
>Release: FreeBSD 5.2.1-RELEASE-p4 i386
>Organization:
>Environment:
System: FreeBSD dreamwarrior.foobar.ath.cx 5.2.1-RELEASE-p4 FreeBSD 5.2.1-RELEASE-p4 #1: Mon Apr 12 03:13:36 CEST 2004 root@:/usr/obj/usr/src/sys/Dreamwarrior i386
>Description:
* Please close ports/66871, sorry for any inconvenience.
Update to new version. There's a security isssue with the
old version.
Quote from http://security.e-matters.de/advisories/062004.html
" A vulnerability within a libneon date parsing function could
cause a heap overflow which could lead to remote code
execution, depending on the application using libneon."
It will be CVE CAN-2004-0398,
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0398
>How-To-Repeat:
>Fix:
--- neon-0.24.6.patch begins here ---
diff -ruN neon.orig/Makefile neon/Makefile
--- neon.orig/Makefile Sun Apr 18 08:38:48 2004
+++ neon/Makefile Wed May 19 13:15:34 2004
@@ -6,7 +6,7 @@
#
PORTNAME= neon
-PORTVERSION= 0.24.5
+PORTVERSION= 0.24.6
CATEGORIES= www
MASTER_SITES= http://www.webdav.org/neon/
diff -ruN neon.orig/distinfo neon/distinfo
--- neon.orig/distinfo Sun Apr 18 08:38:48 2004
+++ neon/distinfo Wed May 19 13:17:31 2004
@@ -1,2 +1,2 @@
-MD5 (neon-0.24.5.tar.gz) = 69c2a079ea0ab01c6c39e8e01a58c665
-SIZE (neon-0.24.5.tar.gz) = 599383
+MD5 (neon-0.24.6.tar.gz) = e9473de23f9a57b23247d005efb5ebd7
+SIZE (neon-0.24.6.tar.gz) = 600129
--- neon-0.24.6.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list