Subject: pkg/23511: maintainers security fix / upgrade to fixed hylafax revision 4.1.8
To: None <gnats-bugs@gnats.netbsd.org>
From: None <hallmanns@surfeu.de>
List: netbsd-bugs
Date: 11/20/2003 18:09:54
>Number: 23511
>Category: pkg
>Synopsis: maintainers security fix / upgrade to fixed hylafax revision 4.1.8
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Nov 20 17:11:01 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator: Andreas Hallmann
>Release: NetBSD 1.6.1
>Organization:
HallHard Systemadministrationen
>Environment:
System: NetBSD wutz 1.6.1 NetBSD 1.6.1 (AHA) #0: Tue Jun 10 21:07:15 CEST 2003 hallmann@localhost:/usr/src/sys/arch/i386/compile/AHA i386
Architecture: i386
Machine: i386
>Description:
For hylafax<4.1.8, there exists a remote-code-execution vulnerability.
There does not exist a known exploit, but should we really wait...
(see http://www.securiteam.com/unixfocus/6O00D0K8UI.html)
>How-To-Repeat:
>Fix:
diff -Nur hylafax.orig/Makefile hylafax/Makefile
--- hylafax.orig/Makefile Sat Nov 15 13:38:47 2003
+++ hylafax/Makefile Sat Nov 15 13:39:04 2003
@@ -1,7 +1,7 @@
# $NetBSD: Makefile,v 1.33 2003/10/08 10:07:15 taca Exp $
#
-DISTNAME= hylafax-4.1.7
+DISTNAME= hylafax-4.1.8
CATEGORIES= comms
MASTER_SITES= ftp://ftp.hylafax.org/source/ \
ftp://ftp.leo.org/pub/comp/os/unix/networking/fax/hylafax/source/
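Review bot: MASTER_SITES in the context lines still fetches over plain ftp://, so for this security update the integrity of hylafax-4.1.8.tar.gz rests entirely on the distinfo checksum. Please confirm the new SHA1 was compared against a value published by the HylaFAX project and not only regenerated from whatever the mirror served. It would also help to cite the advisory from the PR description in the commit message, so the reason for the 4.1.7 to 4.1.8 bump is recorded with the change.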
diff -Nur hylafax.orig/distinfo hylafax/distinfo
--- hylafax.orig/distinfo Sat Nov 15 13:38:47 2003
+++ hylafax/distinfo Sat Nov 15 13:40:15 2003
@@ -1,7 +1,7 @@
$NetBSD: distinfo,v 1.8 2003/09/23 21:39:47 abs Exp $
-SHA1 (hylafax/hylafax-4.1.7.tar.gz) = 9193f634d6879d77f0c8c00c65183c974eda90b1
-Size (hylafax/hylafax-4.1.7.tar.gz) = 1285766 bytes
+SHA1 (hylafax/hylafax-4.1.8.tar.gz) = e720bc964ecad84146f4ea2cdcdc374af66e2ce5
+Size (hylafax/hylafax-4.1.8.tar.gz) = 1285536 bytes
SHA1 (patch-aa) = 94de7c7fb55c9c95c6a774fb732e2d47ec818152
SHA1 (patch-ab) = 5ee930814178223fa66dd308f365ff400559fd1d
SHA1 (patch-ac) = 3f7173b784df070b6103d808287e5fb21ebe1d16
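Review bot: the patch-aa, patch-ab and patch-ac entries are carried over unchanged below the new tarball lines, so nothing in this hunk shows that the three local patches were re-tested against 4.1.8. Please confirm each one still applies cleanly and that none of them touches code changed by the upstream fix; if one is now obsolete it should be dropped and its SHA1 line removed from distinfo.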
>Release-Note:
>Audit-Trail:
>Unformatted: