#49044: Patch/Update procmail because of CVE-2014-3618 -----------------------+-------------------------------- Reporter: sierkb@… | Owner: macports-tickets@… Type: update | Status: new Priority: High | Milestone: Component: ports | Version: Resolution: | Keywords: security Port: procmail | -----------------------+-------------------------------- Comment (by sierkb@…): Replying to [comment:3 ryandesign@…]:
Could you give me the exact URL to the fix? I cannot find it.
[http://www.openwall.com/lists/oss-security/2014/09/03/8][[BR]] Btw: it is the very first reference link given on CVE-2014-3618's CVE and MITRE webpage named above. An equal patch file (''patch-src-formisc.c'') concerning the Heap-based buffer overflow in formisc.c addressed by CVE-2014-3618 on FreeBSDs ports collection:[[BR]] [http://www.freshports.org/mail/procmail] → [http://svnweb.freebsd.org/ports?view=revision&revision=368009] → [http://svnweb.freebsd.org/ports/head/mail/procmail/files/patch-src- formisc.c?view=markup&pathrev=368009] The same patch for FreeBSD's procmail on FreeBSD's GitHub repository:[[BR]] [https://github.com/freebsd/freebsd-ports/blob/master/mail/procmail/files /patch-src-formisc.c] -- Ticket URL: <https://trac.macports.org/ticket/49044#comment:4> MacPorts <https://www.macports.org/> Ports system for OS X