author | adam <adam@pkgsrc.org> | 2014-05-29 09:27:37 +0000 |
---|---|---|
committer | adam <adam@pkgsrc.org> | 2014-05-29 09:27:37 +0000 |
commit | 73b9463764e31d7c42370243732e74dd4caee837 (patch) | |
tree | f27374be3da215ed9929f2054fc10e7b8a3824b6 /mail/exim | |
parent | 0ac8e1724a4ab184b6fd17d9b81425d41782c13e (diff) | |
download | pkgsrc-73b9463764e31d7c42370243732e74dd4caee837.tar.gz |
Changes 4.82.1:
This is a SECURITY release, addressing a CRITICAL remote code execution
flaw in Exim version 4.82 (only) when built with DMARC support (an
experimental feature, not on by default). This release is identical to
4.82 except for the small change needed to plug the security hole. The
next release of Exim will, eventually, be 4.83, which will include the
many improvements we've made since 4.82, but which will require the
normal release candidate baking process before release.
You are not vulnerable unless you built Exim with EXPERIMENTAL_DMARC.
This issue is known by the CVE ID of CVE-2014-2957, and was reported
directly to the Exim development team by a company which uses Exim for
its mail server. An Exim developer constructed a small patch which
altered the way the contents of the From header is parsed by converting
it to use safer and better internal functions. It was applied and
tested on a production server for correctness. We were notified of the
vulnerability Friday night, created a patch on Saturday, applied and
tested it on Sunday, notified OS packagers on Monday/Tuesday, and are
releasing on the next available work day, which is Wednesday.
This is why we have made the smallest feasible changes to prevent
exploit: we want this change to be as safe as possible to expedite into
production (if the packages were built with DMARC).
Diffstat (limited to 'mail/exim')
-rw-r--r-- | mail/exim/Makefile | 5 |
-rw-r--r-- | mail/exim/distinfo | 8 |
2 files changed, 6 insertions, 7 deletions
diff --git a/mail/exim/Makefile b/mail/exim/Makefile index ec9f0c74057..83508caf571 100644 --- a/mail/exim/Makefile +++ b/mail/exim/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.130 2014/04/30 10:21:08 jperkin Exp $ +# $NetBSD: Makefile,v 1.131 2014/05/29 09:27:37 adam Exp $ -DISTNAME= exim-4.82 -PKGREVISION= 2 +DISTNAME= exim-4.82.1 CATEGORIES= mail net MASTER_SITES= ftp://ftp.exim.org/pub/exim/exim4/ \ http://dl.ambiweb.de/mirrors/ftp.exim.org/exim/exim4/ diff --git a/mail/exim/distinfo b/mail/exim/distinfo index 5467db2e643..e62f5e4d5f6 100644 --- a/mail/exim/distinfo +++ b/mail/exim/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.57 2014/04/02 17:36:00 wiedi Exp $ +$NetBSD: distinfo,v 1.58 2014/05/29 09:27:37 adam Exp $ -SHA1 (exim-4.82.tar.bz2) = 47b74986bd7c258030b3451d4c5e2723dd29d6cc -RMD160 (exim-4.82.tar.bz2) = b3dc58373576e299a85245df93bbd9cde34c2078 -Size (exim-4.82.tar.bz2) = 1722771 bytes +SHA1 (exim-4.82.1.tar.bz2) = bfb5ae3ab2444d494cdee650983a35dcc10243f5 +RMD160 (exim-4.82.1.tar.bz2) = 2caa80ed8b5fef07fd0449dc5ac7958681466a2d +Size (exim-4.82.1.tar.bz2) = 1722912 bytes SHA1 (patch-aa) = 24a12631b7df17930349b8a0d03adc80d27efbe2 SHA1 (patch-ab) = 6af17f036ed02a3bc37c1f303269eea447fcb691 SHA1 (patch-ae) = 7daf63727e222bbaa7e5b8289c4fcb6a8c0272cf |
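Review bot: In the mail/exim/Makefile hunk, the unchanged MASTER_SITES context lines fetch the distfile over ftp:// and plain http://, so for this security release the only integrity check on exim-4.82.1.tar.bz2 is the checksum set recorded in distinfo. It would help to say in the commit message how the new hashes were verified against upstream's published release, since a reviewer cannot confirm that from the diff. Dropping PKGREVISION together with the DISTNAME bump is correct and needs no change.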
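Review bot: The new mail/exim/distinfo entries for exim-4.82.1.tar.bz2 carry only SHA1 and RMD160 digests, and the distfile arrives over the unauthenticated ftp and http mirrors listed in the Makefile, so a stronger digest line for the tarball would be a worthwhile addition if the distinfo tooling accepts one. The patch-aa, patch-ab and patch-ae checksums appear only as unchanged context, which fits the commit message's statement that 4.82.1 is identical to 4.82 apart from the small fix, but please confirm the local patches still apply cleanly to the new tarball.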