ports/117882: mail/prayer needs update
Mats Dufberg
mats at dufberg.se
Wed Nov 7 00:10:02 UTC 2007
>Number: 117882
>Category: ports
>Synopsis: mail/prayer needs update
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed Nov 07 00:10:01 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator: Mats Dufberg
>Release: FreeBSD 5.5-RELEASE-p16 i386
>Organization:
private
>Environment:
System: FreeBSD kafka.narnia.pp.se 5.5-RELEASE-p16 FreeBSD 5.5-RELEASE-p16 #7: Sat Oct 6 23:00:42 CEST 2007 dufberg at kafka.narnia.pp.se:/usr/obj/usr/src/sys/KAFKA i386
>Description:
The current version of mail/prayer is based on prayer
1.0.16. According to the Prayer web site the latest version (1.0.18)
contains important security fixes.
>From documentation in 1.0.18 source:
04/09/2006
==========
Release: Prayer 1.0.18
Important Security fix:
os_connect_unix() had a strcpy() which should have been strncpy() to
prevent buffer overrun. Prayer 1.0.17 was mostly safe.
By 28/06/2006
=============
Release: Prayer 1.0.17
Fix small foulup wuth gethostbyname() calculations when binding Prayer
to specific interfaces.
Cleanups to stop char vs unsigned char warnings with latest c-client.
Make sure that all internal draft messages consistently use CRLF.
Security audit for Prayer frontend following attack:
Optional Chroot environment (See chroot options in config file).
Stripped out debugging code.
>How-To-Repeat:
>Fix:
Upgrade to 1.0.18.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list