Subject: libmm vulnerability - may I fix?
To: None <tech-pkg@netbsd.org>
From: Mason Loring Bliss <mason@acheron.middleboro.ma.us>
List: tech-pkg
Date: 07/31/2002 16:15:38
--Hix8K3b8kRbLLbv+
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
libmm seems to have a vulnerability right now:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2002-0658
I've updated my local copy of pkgsrc to use the latest stable version, and
it appears to work well. If no one objects, I'd like the commit the followi=
ng
changes.
Also, I'd like to update the pkg-vulnerabilities file once there has been
a more formal report posted by a service we already list in that file.
If no one objects by then, I'll commit this at 22:00 EST (UTC -0400).
Thanks in advance for input.
PS: Chris Jones, libmm's listed maintainer, is out of touch until after the
middle of next month, according to his vacation mail program.
Index: Makefile
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /cvsroot/pkgsrc/devel/libmm/Makefile,v
retrieving revision 1.2
diff -u -w -r1.2 Makefile
--- Makefile 2001/10/23 14:40:36 1.2
+++ Makefile 2002/07/31 20:09:31
@@ -1,10 +1,10 @@
# $NetBSD: Makefile,v 1.2 2001/10/23 14:40:36 jlam Exp $
#
=20
-DISTNAME=3D mm-1.1.3
-PKGNAME=3D libmm-1.1.3
+DISTNAME=3D mm-1.2.1
+PKGNAME=3D libmm-1.2.1
CATEGORIES=3D devel
-MASTER_SITES=3D http://www.engelschall.com/sw/mm/
+MASTER_SITES=3D ftp://ftp.ossp.org/pkg/lib/mm/
=20
MAINTAINER=3D cjones@netbsd.org
HOMEPAGE=3D http://www.engelschall.com/sw/mm/
Index: PLIST
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /cvsroot/pkgsrc/devel/libmm/PLIST,v
retrieving revision 1.1
diff -u -w -r1.1 PLIST
--- PLIST 2001/11/01 01:24:36 1.1
+++ PLIST 2002/07/31 20:09:31
@@ -6,5 +6,5 @@
lib/libmm.la
lib/libmm.a
lib/libmm.so
-lib/libmm.so.11
-lib/libmm.so.11.23
+lib/libmm.so.12
+lib/libmm.so.12.21
Index: distinfo
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /cvsroot/pkgsrc/devel/libmm/distinfo,v
retrieving revision 1.1.1.1
diff -u -w -r1.1.1.1 distinfo
--- distinfo 2001/07/14 23:06:26 1.1.1.1
+++ distinfo 2002/07/31 20:09:31
@@ -1,4 +1,4 @@
$NetBSD: distinfo,v 1.1.1.1 2001/07/14 23:06:26 cjones Exp $
=20
-SHA1 (mm-1.1.3.tar.gz) =3D 17430522a2c7de6175443393ad481372cc2da329
-Size (mm-1.1.3.tar.gz) =3D 137951 bytes
+SHA1 (mm-1.2.1.tar.gz) =3D c2915c82adbf9be7b43375a5ced3dc08700b1810
+Size (mm-1.2.1.tar.gz) =3D 217078 bytes
--=20
Mason Loring Bliss mason@acheron.middleboro.ma.us Ewige Blumenkraft!
https://www.deadsexy.org/ awake ? sleep : random() & 2 ? dream : sleep;
--Hix8K3b8kRbLLbv+
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (NetBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE9SEVqykMMY715wXIRAoNgAKCZ0umwTF5HaZcjMgpMOmHMA6zPugCg+0aE
i+VYIaKFUUgk3jCMRVxkMb4=
=c+QK
-----END PGP SIGNATURE-----
--Hix8K3b8kRbLLbv+--