[odc] Daily ports changes for 2002-10-07
ODC
auto at squish.net
Tue Oct 8 08:00:35 BST 2002
OpenBSD ports changes summary for 2002-10-07
============================================
mail/p5-Mail-SpamAssassin net/gaim
net/silc-client print/gv
== mail ============================================================== 01/03 ==
http://www.openbsd.org/cgi-bin/cvsweb/ports/mail
p5-Mail-SpamAssassin
~ pkg/PLIST ~ distinfo
~ Makefile
> update p5-Mail-SpamAssassin to version 2.42; from MAINTAINER (lebel@)
== net =============================================================== 02/03 ==
http://www.openbsd.org/cgi-bin/cvsweb/ports/net
gaim
~ distinfo ~ Makefile
> update to gaim-0.59.4 (jcs@)
silc-client
+ patches/gcc-patch-lib_silcsim_Makefile_in
TAGGED OPENBSD_3_2
> MFC:
> more workarounds for sha1.c on sparc64; this works fine now. (brad@)
== print ============================================================= 03/03 ==
http://www.openbsd.org/cgi-bin/cvsweb/ports/print
gv
+ patches/patch-source_ps_c + patches/patch-source_file_h
+ patches/patch-source_file_c ~ Makefile
TAGGED OPENBSD_3_2
> Fix security issue with gv.
> When GV detects that the document is either a PDF file or a
> GZip compressed file, it executes some commands with the help of the
> system() function. Unfortunately, these commands contain the
> filename, which can be considered as untrusted user input. It is then
> possible to distribute a file (with a meticulously chosen filename,
> that even seems innocent) that causes execution of arbitrary
> shell commands when it is read with GV.
> http://www.epita.fr/~bevand_m/asa/asa-0000 (brad@)
===============================================================================
More information about the odc
mailing list