pkgsrc-changes: CVS commit: [pkgsrc-2005Q3] pkgsrc/www/libwww

Subject: CVS commit: [pkgsrc-2005Q3] pkgsrc/www/libwww
To: None <pkgsrc-changes@NetBSD.org>
From: Soren Jacobsen <snj@netbsd.org>
List: pkgsrc-changes
Date: 11/05/2005 17:25:26

Module Name:	pkgsrc
Committed By:	snj
Date:		Sat Nov  5 17:25:26 UTC 2005

Modified Files:
	pkgsrc/www/libwww [pkgsrc-2005Q3]: Makefile distinfo
Added Files:
	pkgsrc/www/libwww/patches [pkgsrc-2005Q3]: patch-ap

Log Message:
Pullup ticket 886 - requested by Lubomir Sedlacik
security fix for libwww

Revisions pulled up:
- pkgsrc/www/libwww/Makefile		1.62
- pkgsrc/www/libwww/distinfo		1.21
- pkgsrc/www/libwww/patches/patch-ap	1.1

   Module Name:    pkgsrc
   Committed By:   salo
   Date:           Thu Nov  3 15:51:59 UTC 2005

   Modified Files:
           pkgsrc/www/libwww: Makefile distinfo
   Added Files:
           pkgsrc/www/libwww/patches: patch-ap

   Log Message:
   Security fix for SA17119:

   "A vulnerability was found in W3C Libwww, which potentially can be
   exploited by malicious people to cause a DoS (Denial of Service).

   The vulnerability is caused due to a boundary error in the
   "HTBoundary_put_block()" function when processing multipart MIME data.
   This may be exploited to cause an illegal memory access past the end of
   the input buffer via specially crafted multipart MIME data.

   Successful exploitation can potentially cause an application that uses
   Libwww to crash."

   http://secunia.com/advisories/17119/
   https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159597

   Bump PKGREVISION.
   Patch from RedHat.


To generate a diff of this commit:
cvs rdiff -r1.61 -r1.61.4.1 pkgsrc/www/libwww/Makefile
cvs rdiff -r1.20 -r1.20.4.1 pkgsrc/www/libwww/distinfo
cvs rdiff -r0 -r1.1.2.1 pkgsrc/www/libwww/patches/patch-ap

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.