svn commit: r306428 - in head: mail/exim security/vuxml
Eygene Ryabinkin
rea at FreeBSD.org
Fri Oct 26 08:46:41 UTC 2012
Author: rea
Date: Fri Oct 26 08:46:40 2012
New Revision: 306428
URL: http://svn.freebsd.org/changeset/ports/306428
Log:
mail/exim: upgrade to 4.80.1
This is bugfix-only release, it eliminates remote code execution
in the DKIM code.
Security: http://www.vuxml.org/freebsd/b0f3ab1f-1f3b-11e2-8fe9-0022156e8794.html
QA page: http://codelabs.ru/fbsd/ports/qa/mail/exim/4.80.1
Feature safe: yes
Modified:
head/mail/exim/Makefile
head/mail/exim/distinfo
head/security/vuxml/vuln.xml
Modified: head/mail/exim/Makefile
==============================================================================
--- head/mail/exim/Makefile Fri Oct 26 08:37:10 2012 (r306427)
+++ head/mail/exim/Makefile Fri Oct 26 08:46:40 2012 (r306428)
@@ -78,7 +78,7 @@ PLIST_SUB+= SO_1024=""
PLIST_SUB+= SO_1024="@comment "
.endif
-EXIM_VERSION= 4.80
+EXIM_VERSION= 4.80.1
SA_EXIM_VERSION=4.2
SO_1024_VERSION=3.2
Modified: head/mail/exim/distinfo
==============================================================================
--- head/mail/exim/distinfo Fri Oct 26 08:37:10 2012 (r306427)
+++ head/mail/exim/distinfo Fri Oct 26 08:46:40 2012 (r306428)
@@ -1,5 +1,5 @@
-SHA256 (exim/exim-4.80.tar.bz2) = 787b6defd37fa75311737bcfc42e9e2b2cc62c5d027eed35bb7d800b2d9a0984
-SIZE (exim/exim-4.80.tar.bz2) = 1649827
+SHA256 (exim/exim-4.80.1.tar.bz2) = 9565b10f06be224fd03adafae2e07e6fdbb479f8873e3894ddb13f98eeebe78f
+SIZE (exim/exim-4.80.1.tar.bz2) = 1650082
SHA256 (exim/sa-exim-4.2.tar.gz) = 72e0a735547f18b05785e6c58a71d24623858f0f5234a5dc0e24cb453999e99a
SIZE (exim/sa-exim-4.2.tar.gz) = 66575
SHA256 (exim/spamooborona1024-src-3.2.tar.gz) = ab22a430f3860460045f6b213c68c89700a0cd10cbb6c7a808ece326c53787ee
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Fri Oct 26 08:37:10 2012 (r306427)
+++ head/security/vuxml/vuln.xml Fri Oct 26 08:46:40 2012 (r306428)
@@ -51,6 +51,45 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="b0f3ab1f-1f3b-11e2-8fe9-0022156e8794">
+ <topic>Exim -- remote code execution</topic>
+ <affects>
+ <package>
+ <name>exim</name>
+ <range><ge>4.70</ge><lt>4.80.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>This vulnerability affects Exim instances built with DKIM
+ enabled (this is the default for FreeBSD Exim port) and running
+ verification of DKIM signatures on the incoming mail
+ messages.</p>
+ <p>Phil Penncock reports:</p>
+ <blockquote cite="https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html">
+ <p>This is a SECURITY release, addressing a CRITICAL remote
+ code execution flaw in versions of Exim between 4.70 and
+ 4.80 inclusive, when built with DKIM support (the default).</p>
+ <p>This security vulnerability can be exploited by anyone
+ who can send email from a domain for which they control the
+ DNS.</p>
+ <p>You are not vulnerable if you built Exim with DISABLE_DKIM
+ or if you put this at the start of an ACL plumbed into
+ acl_smtp_connect or acl_smtp_rcpt:</p>
+ <pre>warn control = dkim_disable_verify</pre>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2012-5671</cvename>
+ <url>https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html</url>
+ </references>
+ <dates>
+ <discovery>2012-10-25</discovery>
+ <entry>2012-10-26</entry>
+ </dates>
+ </vuln>
+
<vuln vid="5f326d75-1db9-11e2-bc8f-d0df9acfd7e5">
<topic>django -- multiple vulnerabilities</topic>
<affects>
More information about the svn-ports-head
mailing list