From nobody@FreeBSD.org  Thu Sep 30 15:10:05 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 550D3106564A
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 30 Sep 2010 15:10:05 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 2ABC58FC14
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 30 Sep 2010 15:10:05 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o8UFA41L043230
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 30 Sep 2010 15:10:05 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id o8UFA4qL043223;
	Thu, 30 Sep 2010 15:10:04 GMT
	(envelope-from nobody)
Message-Id: <201009301510.o8UFA4qL043223@www.freebsd.org>
Date: Thu, 30 Sep 2010 15:10:04 GMT
From: Bruce Cran <bruce@cran.org.uk>
To: freebsd-gnats-submit@FreeBSD.org
Subject: mail/mutt should be updated to 1.4.2.3 to fix security bugs
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         151115
>Category:       ports
>Synopsis:       mail/mutt should be updated to 1.4.2.3 to fix security bugs
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 30 15:20:02 UTC 2010
>Closed-Date:    Fri Oct 01 11:15:56 UTC 2010
>Last-Modified:  Fri Oct 01 11:16:33 UTC 2010
>Originator:     Bruce Cran
>Release:        N/A
>Organization:
>Environment:
N/A
>Description:
According to http://www.mutt.org/news.html mutt version 1.4.2.3 was released in 2007 to fix CVE-2007-2683 and CVE-2007-1558. The mail/mutt port should be updated in order to get these fixes.
>How-To-Repeat:
Install mail/mutt
>Fix:
Upgrade to 1.4.2.3.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-ports-bugs 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Thu Sep 30 16:02:27 UTC 2010 
Responsible-Changed-Why:  
ports PR. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=151115 
State-Changed-From-To: open->feedback 
State-Changed-By: arundel 
State-Changed-When: Thu Sep 30 19:07:44 UTC 2010 
State-Changed-Why:  
otaku% grep PORTVERSION /usr/ports/mail/mutt/Makefile  
PORTVERSION=	1.4.2.3 
PATCHVERSION?=	${PORTVERSION} 

are you sure your ports tree is up-to-date? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=151115 
State-Changed-From-To: feedback->analyzed 
State-Changed-By: arundel 
State-Changed-When: Thu Sep 30 22:27:07 UTC 2010 
State-Changed-Why:  
The version of mutt that gets installed by the port is in fact 1.4.2.3. However 
it seems that there were no patches available for for 1.4.2.3 at the time the 
port was bumped to that version. So the patchlevel stayed at 1.4.2.2. 
I've informed the maintainer of the port about this issue. Once he submits an 
updated port i'll close this PR. 
Thanks to bruce, kwm and jaset for pointing this out to me. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=151115 
Responsible-Changed-From-To: freebsd-ports-bugs->arundel 
Responsible-Changed-By: arundel 
Responsible-Changed-When: Thu Sep 30 22:43:46 UTC 2010 
Responsible-Changed-Why:  
I'll keep track of this one. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=151115 
State-Changed-From-To: analyzed->closed 
State-Changed-By: arundel 
State-Changed-When: Fri Oct 1 11:11:55 UTC 2010 
State-Changed-Why:  
Note from the maintainer regarding the bump of PATCHVERSION: 

"Why? The 1.4.2.3 release was a security bugfix, and thus the patches for 
1.4.2.2 still work as the relevant source files were not touched by the 
1.4.2.3 changes. Changing the PATCHVERSION would serve no real purpose." 

So i'll go ahead and close this PR. Originator (brucec@) agreed to this. 


Responsible-Changed-From-To: arundel->frebsd-ports-bugs 
Responsible-Changed-By: arundel 
Responsible-Changed-When: Fri Oct 1 11:11:55 UTC 2010 
Responsible-Changed-Why:  
Assign back into the pool. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=151115 
Responsible-Changed-From-To: frebsd-ports-bugs->freebsd-ports-bugs 
Responsible-Changed-By: arundel 
Responsible-Changed-When: Fri Oct 1 11:16:17 UTC 2010 
Responsible-Changed-Why:  
Fix typo. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=151115 
>Unformatted:
