svn commit: r308171 - in head: mail/bogofilter mail/bogofilter-sqlite mail/bogofilter-tc security/vuxml
Matthias Andree
mandree at FreeBSD.org
Mon Dec 3 20:16:22 UTC 2012
Author: mandree
Date: Mon Dec 3 20:16:21 2012
New Revision: 308171
URL: http://svnweb.freebsd.org/changeset/ports/308171
Log:
Update bogofilter to new upstream release 1.2.3.
Security update to fix a heap corruption bug with invalid base64 input,
reported and fixed by Julius Plenz, FU Berlin, Germany.
Feature safe: yes
Security: CVE-2012-5468
Security: f524d8e0-3d83-11e2-807a-080027ef73ec
Modified:
head/mail/bogofilter-sqlite/Makefile (contents, props changed)
head/mail/bogofilter-tc/Makefile (contents, props changed)
head/mail/bogofilter/Makefile (contents, props changed)
head/mail/bogofilter/distinfo (contents, props changed)
head/security/vuxml/vuln.xml
Modified: head/mail/bogofilter-sqlite/Makefile
==============================================================================
--- head/mail/bogofilter-sqlite/Makefile Mon Dec 3 20:12:49 2012 (r308170)
+++ head/mail/bogofilter-sqlite/Makefile Mon Dec 3 20:16:21 2012 (r308171)
@@ -6,7 +6,7 @@
#
PORTNAME= bogofilter
-PORTREVISION= 2
+PORTREVISION= 0
CATEGORIES= mail
PKGNAMESUFFIX= -sqlite
Modified: head/mail/bogofilter-tc/Makefile
==============================================================================
--- head/mail/bogofilter-tc/Makefile Mon Dec 3 20:12:49 2012 (r308170)
+++ head/mail/bogofilter-tc/Makefile Mon Dec 3 20:16:21 2012 (r308171)
@@ -6,7 +6,7 @@
#
PORTNAME= bogofilter
-PORTREVISION= 2
+PORTREVISION= 0
CATEGORIES= mail
PKGNAMESUFFIX= -tc
Modified: head/mail/bogofilter/Makefile
==============================================================================
--- head/mail/bogofilter/Makefile Mon Dec 3 20:12:49 2012 (r308170)
+++ head/mail/bogofilter/Makefile Mon Dec 3 20:16:21 2012 (r308171)
@@ -6,8 +6,8 @@
#
PORTNAME= bogofilter
-PORTVERSION= 1.2.2
-PORTREVISION?= 3
+PORTVERSION= 1.2.3
+PORTREVISION?= 0
CATEGORIES?= mail
MASTER_SITES= SF/bogofilter/bogofilter-current/bogofilter-${PORTVERSION}
Modified: head/mail/bogofilter/distinfo
==============================================================================
--- head/mail/bogofilter/distinfo Mon Dec 3 20:12:49 2012 (r308170)
+++ head/mail/bogofilter/distinfo Mon Dec 3 20:16:21 2012 (r308171)
@@ -1,2 +1,2 @@
-SHA256 (bogofilter-1.2.2.tar.bz2) = d8cfd1e68375ac8131de8a6998a38ee5b3f7d1151e71efd2b436183545216039
-SIZE (bogofilter-1.2.2.tar.bz2) = 867043
+SHA256 (bogofilter-1.2.3.tar.bz2) = 8ed85fc5ff03d9b07986ee2ce33e1149e30abe2ad8bae1d0c94503ccd2c92e76
+SIZE (bogofilter-1.2.3.tar.bz2) = 868902
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Mon Dec 3 20:12:49 2012 (r308170)
+++ head/security/vuxml/vuln.xml Mon Dec 3 20:16:21 2012 (r308171)
@@ -51,6 +51,31 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="f524d8e0-3d83-11e2-807a-080027ef73ec">
+ <topic>bogofilter -- heap corruption by invalid base64 input</topic>
+ <affects>
+ <package> <name>bogofilter</name> <range><lt>1.2.3</lt></range> </package>
+ <package> <name>bogofilter-sqlite</name> <range><lt>1.2.3</lt></range> </package>
+ <package> <name>bogofilter-tc</name> <range><lt>1.2.3</lt></range> </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>David Relson reports:</p>
+ <blockquote cite="https://bogofilter.svn.sourceforge.net/svnroot/bogofilter/trunk/bogofilter/NEWS">
+ <p>Fix a heap corruption in base64 decoder on invalid input.
+ Analysis and patch by Julius Plenz, [FU Berlin, Germany].</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2012-5468</cvename>
+ </references>
+ <dates>
+ <discovery>2012-10-17</discovery>
+ <entry>2012-12-03</entry>
+ </dates>
+ </vuln>
+
<vuln vid="5af51ae9-3acd-11e2-a4eb-00262d5ed8ee">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
More information about the svn-ports-head
mailing list