Subject: pkg/23511: maintainers security fix / upgrade to fixed hylafax revision 4.1.8
To: None <gnats-bugs@gnats.netbsd.org>
From: None <hallmanns@surfeu.de>
List: netbsd-bugs
Date: 11/20/2003 18:09:54
>Number:         23511
>Category:       pkg
>Synopsis:       maintainers security fix / upgrade to fixed hylafax revision 4.1.8
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Nov 20 17:11:01 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     Andreas Hallmann
>Release:        NetBSD 1.6.1
>Organization:
HallHard Systemadministrationen
>Environment:
	
	
System: NetBSD wutz 1.6.1 NetBSD 1.6.1 (AHA) #0: Tue Jun 10 21:07:15 CEST 2003 hallmann@localhost:/usr/src/sys/arch/i386/compile/AHA i386
Architecture: i386
Machine: i386
>Description:
	For hylafax<4.1.8, there exists a remote-code-execution vulnerability.
	There does not exist a known exploit, but should we really wait...
	(see http://www.securiteam.com/unixfocus/6O00D0K8UI.html)
>How-To-Repeat:
>Fix:

diff -Nur hylafax.orig/Makefile hylafax/Makefile
--- hylafax.orig/Makefile	Sat Nov 15 13:38:47 2003
+++ hylafax/Makefile	Sat Nov 15 13:39:04 2003
@@ -1,7 +1,7 @@
 # $NetBSD: Makefile,v 1.33 2003/10/08 10:07:15 taca Exp $
 #
 
-DISTNAME=	hylafax-4.1.7
+DISTNAME=	hylafax-4.1.8
 CATEGORIES=	comms
 MASTER_SITES=	ftp://ftp.hylafax.org/source/ \
 		ftp://ftp.leo.org/pub/comp/os/unix/networking/fax/hylafax/source/
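
Review bot: at the DISTNAME line, only the version string changes and the rest of the Makefile is not visible in this hunk, so please confirm there is no PKGREVISION left over from 4.1.7 further down; if there is, drop it in the same change so the package does not come out as 4.1.8nbN. Because the PR describes this as a fix for a remote-code-execution issue in hylafax<4.1.8, the commit message should cite the advisory URL from the description, and a matching hylafax<4.1.8 entry in the pkgsrc vulnerabilities list would let installed 4.1.7 packages be flagged.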
diff -Nur hylafax.orig/distinfo hylafax/distinfo
--- hylafax.orig/distinfo	Sat Nov 15 13:38:47 2003
+++ hylafax/distinfo	Sat Nov 15 13:40:15 2003
@@ -1,7 +1,7 @@
 $NetBSD: distinfo,v 1.8 2003/09/23 21:39:47 abs Exp $
 
-SHA1 (hylafax/hylafax-4.1.7.tar.gz) = 9193f634d6879d77f0c8c00c65183c974eda90b1
-Size (hylafax/hylafax-4.1.7.tar.gz) = 1285766 bytes
+SHA1 (hylafax/hylafax-4.1.8.tar.gz) = e720bc964ecad84146f4ea2cdcdc374af66e2ce5
+Size (hylafax/hylafax-4.1.8.tar.gz) = 1285536 bytes
 SHA1 (patch-aa) = 94de7c7fb55c9c95c6a774fb732e2d47ec818152
 SHA1 (patch-ab) = 5ee930814178223fa66dd308f365ff400559fd1d
 SHA1 (patch-ac) = 3f7173b784df070b6103d808287e5fb21ebe1d16
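
Review bot: the SHA1 and Size lines for hylafax-4.1.8.tar.gz should be checked against a checksum published by upstream rather than only against a tarball fetched from the ftp:// MASTER_SITES, since this file is the only integrity check on the distfile. The patch-aa, patch-ab and patch-ac checksums are unchanged context here, so please also confirm that all three patches still apply cleanly to 4.1.8; if any had to be regenerated, its SHA1 line needs updating in this same change.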

>Release-Note:
>Audit-Trail:
>Unformatted: