diff options
| author | Chris Piazza <cpiazza@FreeBSD.org> | 1999-08-30 19:14:07 +0000 |
|---|---|---|
| committer | Chris Piazza <cpiazza@FreeBSD.org> | 1999-08-30 19:14:07 +0000 |
| commit | 58ca2806f3504fbc6fb341a28d0adfa9503f72a9 (patch) | |
| tree | d22f266e7f50c04b645bd84bb80673d1a37ad11d /ftp/wu-ftpd+ipv6 | |
| parent | 0026d832e3b05eee91618ce12b019166cf6b4ecb (diff) | |
| download | ports-58ca2806f3504fbc6fb341a28d0adfa9503f72a9.tar.gz ports-58ca2806f3504fbc6fb341a28d0adfa9503f72a9.zip | |
Add a PATCH_FILE to close a security hole in wu-ftpd.
Quoted from wu-ftpd group's accouncement:
Due to insufficient bounds checking on directory name lengths which can
be supplied by users, it is possible to overwrite the static memory
space of the wu-ftpd daemon while it is executing under certain
configurations. By having the ability to create directories and
supplying carefully designed directory names to the wu-ftpd, users may
gain privileged access.
PR: 13475
Submitted by: jack@germanium.xtalwind.net
Notes
Notes:
svn path=/head/; revision=21133
Diffstat (limited to 'ftp/wu-ftpd+ipv6')
| -rw-r--r-- | ftp/wu-ftpd+ipv6/Makefile | 3 | ||||
| -rw-r--r-- | ftp/wu-ftpd+ipv6/distinfo | 1 |
2 files changed, 4 insertions, 0 deletions
diff --git a/ftp/wu-ftpd+ipv6/Makefile b/ftp/wu-ftpd+ipv6/Makefile index 20940b692a64..7ca3f872b7d3 100644 --- a/ftp/wu-ftpd+ipv6/Makefile +++ b/ftp/wu-ftpd+ipv6/Makefile @@ -12,6 +12,9 @@ DISTNAME= wu-ftpd-2.5.0 CATEGORIES= ftp MASTER_SITES= ftp://ftp.vr.net/pub/wu-ftpd/wu-ftpd/ +PATCH_SITES= ftp://ftp.wu-ftpd.org/pub/wu-ftpd/quickfixes/apply_to_2.5.0/ +PATCHFILES= mapped.path.overrun.patch + MAINTAINER= ache@FreeBSD.org Y2K= http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html#QA35 diff --git a/ftp/wu-ftpd+ipv6/distinfo b/ftp/wu-ftpd+ipv6/distinfo index 213f7f23a0d8..0a187286a77d 100644 --- a/ftp/wu-ftpd+ipv6/distinfo +++ b/ftp/wu-ftpd+ipv6/distinfo @@ -1 +1,2 @@ MD5 (wu-ftpd-2.5.0.tar.gz) = 98f9c8490e0d1ca2c3c57e60e65803b7 +MD5 (mapped.path.overrun.patch) = b01b65652eb3816f0ab11971ac52424d |