Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1: exploitable security vulnerability in file(1) utility

2007-03-30 Thread Alan Munday
Alexander Bergolth wrote the following on 30/03/2007 09:32:
> Did the patch apply? (Unfortunately my email-client wrapped one line.)

Yes, and spotted the line-wrap.

> Did you use the correct (patched) spec-file?

Yes, and I could see the lines affected by the patch being run.

> I just tried it o

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1: exploitable security vulnerability in file(1) utility

2007-03-30 Thread Alexander Bergolth
On 03/30/2007 02:17 AM, Alan Munday wrote: > Alexander Bergolth wrote the following on 29/03/2007 10:37: >>> But using the following attached patch for the SPEC-file, it will even >>> build on FC1. > > I tried patching the spec file and building on FC5 tonight... but it > still fails to build and

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1: exploitable security vulnerability in file(1) utility

2007-03-29 Thread Alan Munday
Alexander Bergolth wrote the following on 29/03/2007 10:37: >> But using the following attached patch for the SPEC-file, it will even >> build on FC1. Alexander I tried patching the spec file and building on FC5 tonight... but it still fails to build and at the same point that it failed without

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1: exploitable security vulnerability in file(1) utility

2007-03-29 Thread Alan Munday
Alexander Bergolth wrote the following on 29/03/2007 10:37: >> As pointed out by MrC, the wrong (the installed, old) libmagic.so is >> used during the build-phase, which causes problems. >> >> But using the following attached patch for the SPEC-file, it will even >> build on FC1. > > I forgot that

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1: exploitable security vulnerability in file(1) utility

2007-03-29 Thread Alexander Bergolth
On 03/29/2007 11:21 AM, Alexander Bergolth wrote: > On 03/29/2007 02:03 AM, Alan Munday wrote: >> Mark Martinec wrote the following on 23/03/2007 16:22: >>> === >>> AMaViS Security Announcement >>> Solut

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1: exploitable security vulnerability in file(1) utility

2007-03-29 Thread Alexander Bergolth
On 03/29/2007 02:03 AM, Alan Munday wrote: > Mark Martinec wrote the following on 23/03/2007 16:22: >> === >> AMaViS Security Announcement >> Solution: update to file 4.20 or later > > -

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1: exploitable security vulnerability in file(1) utility

2007-03-28 Thread Alan Munday
Mark Martinec wrote the following on 23/03/2007 16:22: > === > AMaViS Security Announcement > Solution: update to file 4.20 or later > -

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1: exploitable security vulnerability in file(1) utility

2007-03-27 Thread Robert Felber
On Fri, Mar 23, 2007 at 05:22:35PM +0100, Mark Martinec wrote: > > 1. Problem description > A security issue (integer underflow) in the GNU file(1) utility can > lead to a heap overflow. > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536 > http://mx.gw.com/pipermail/file/2007/000161.ht

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1: exploitable security vulnerability in file(1) utility

2007-03-27 Thread Mark Martinec
Michael,

> Is the stock on on FBSD vulnerable?

So it appears. It is 4.12, and there were no other significant changes in funcs.c/file_printf up to 4.19, the real change is only in 4.20.

Mark

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1: exploitable security vulnerability in file(1) utility

2007-03-27 Thread alex handle
On 3/27/07, Mark Martinec <[EMAIL PROTECTED]> wrote: > > alex, > > > > Vulnerability: file utility > > > Priority: urgent > > > Solution: update to file 4.20 or later > > > Is FreeBSD affected or is the BSD file not same as GNU file? > > The version from ports (

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1: exploitable security vulnerability in file(1) utility

2007-03-27 Thread Michael Scheidell
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Mark Martinec > Sent: Tuesday, March 27, 2007 6:51 AM > To: amavis-user@lists.sourceforge.net > Subject: Re: [AMaViS-user] AMaViS Security Announcement > ASA-200

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1: exploitable security vulnerability in file(1) utility

2007-03-27 Thread Mark Martinec
alex,

> > Vulnerability: file utility
> > Priority: urgent
> > Solution: update to file 4.20 or later
> Is FreeBSD affected or is the BSD file not same as GNU file?

The version from ports (sysutils/file) is 4.20 (since 2007-03-03) but you need to install it.

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1: exploitable security vulnerability in file(1) utility

2007-03-27 Thread alex handle
On 3/23/07, Mark Martinec <[EMAIL PROTECTED]> wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > === > AMaViS Security Announcement > > Date: 2007-03-23 > affected version

Re: [AMaViS-user] AMaViS Security Announcement ASA-2007-1: exploitable security vulnerability in file(1) utility

2007-03-26 Thread Robert Brooks
Mark Martinec wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > === > AMaViS Security Announcement > > Date: 2007-03-23 > affected version(s):amavis, amavisd, amavisd-n

[AMaViS-user] AMaViS Security Announcement ASA-2007-1: exploitable security vulnerability in file(1) utility

2007-03-23 Thread Mark Martinec
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===
AMaViS Security Announcement

Date: 2007-03-23
affected version(s): amavis, amavisd, amavisd-new, amavis-ng
Vulnerability: