Subject: pkg/26607: cfengine security fix
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <mike@ethmoid.org>
List: pkgsrc-bugs
Date: 08/09/2004 22:17:52
>Number:         26607
>Category:       pkg
>Synopsis:       Cfengine RSA Authentication Heap Corruption
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Tue Aug 10 02:32:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Michael Santos
>Release:        NetBSD 2.0G
>Organization:
	
>Environment:
	
	
System: NetBSD ack 2.0G NetBSD 2.0G (ack) #55: Thu Aug 5 16:00:24 EDT 2004 root@ack:/home/build/src/sys/arch/i386/compile/obj/ack i386
Architecture: i386
Machine: i386
>Description:
see  Cfengine RSA Authentication Heap Corruption
http://www.securityfocus.org/advisories/7045

>How-To-Repeat:
>Fix:

--- pkg-vulnerabilities.orig    2004-08-09 22:11:30.000000000 -0400
+++ pkg-vulnerabilities 2004-08-09 22:14:37.000000000 -0400
@@ -561,3 +561,5 @@
 suse_libpng-9.1                remote-code-execution   http://scary.beasts.org/security/CESA-2004-001.txt
 suse_libpng<=6.4       remote-code-execution   http://scary.beasts.org/security/CESA-2004-001.txt
+cfengine-2.0.*         remote-code-execution   http://www.securityfocus.org/advisories/7045
+cfengine-2.1.[0-7]*    remote-code-execution   http://www.securityfocus.org/advisories/7045
 #CHECKSUM SHA1 afcc280e3e6376da5a0148ade10d547516743033

>Release-Note:
>Audit-Trail:
>Unformatted:
 	
 	
 >How-Ta-Repeat:
 	<how to correct or work around the problem, if known (multiple lines)>
 	<code/input/activities to reproduce the problem (multiple lines)>