From stoerte@dreamwarrior.net  Wed May 19 04:32:43 2004
Return-Path: <stoerte@dreamwarrior.net>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7809D16A4CE; Wed, 19 May 2004 04:32:43 -0700 (PDT)
Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.173])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 231B443D2D; Wed, 19 May 2004 04:32:43 -0700 (PDT)
	(envelope-from stoerte@dreamwarrior.net)
Received: from [212.227.126.160] (helo=mrelayng.kundenserver.de)
	by moutng.kundenserver.de with esmtp (Exim 3.35 #1)
	id 1BQPJ7-0004YX-00; Wed, 19 May 2004 13:32:21 +0200
Received: from [213.146.126.142] (helo=dreamwarrior.foobar.ath.cx)
	by mrelayng.kundenserver.de with asmtp (TLSv1:EDH-RSA-DES-CBC3-SHA:168)
	(Exim 3.35 #1)
	id 1BQPJ6-0003Q8-00; Wed, 19 May 2004 13:32:20 +0200
Received: from stoerte by dreamwarrior.foobar.ath.cx with local (Exim 4.34; FreeBSD)
	id 1BQPJ6-0002fG-1F; Wed, 19 May 2004 13:32:20 +0200
Message-Id: <E1BQPJ6-0002fG-1F@dreamwarrior.foobar.ath.cx>
Date: Wed, 19 May 2004 13:32:20 +0200
From: Frank Ruell <stoerte@dreamwarrior.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc: lev@FreeBSD.org
Subject:
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         66871
>Category:       ports
>Synopsis:       
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 19 04:40:22 PDT 2004
>Closed-Date:    Wed May 19 05:22:52 PDT 2004
>Last-Modified:  Wed May 19 05:22:52 PDT 2004
>Originator:     Frank Ruell
>Release:        FreeBSD 5.2.1-RELEASE-p4 i386
>Organization:
>Environment:
System: FreeBSD dreamwarrior.foobar.ath.cx 5.2.1-RELEASE-p4 FreeBSD 5.2.1-RELEASE-p4 #1: Mon Apr 12 03:13:36 CEST 2004 root@:/usr/obj/usr/src/sys/Dreamwarrior i386


	
>Description:
	Update to newest Version. There's a security isssue with the
	old version.
	Quote from http://security.e-matters.de/advisories/062004.html
	" A vulnerability within a libneon date parsing function could
	cause a heap overflow which could lead to remote code
	execution, depending on the application using libneon."

	It will be CVE CAN-2004-0398,
	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0398


>How-To-Repeat:
>Fix:

	--- neon-0.24.6.patch begins here ---
diff -ruN neon.orig/Makefile neon/Makefile
--- neon.orig/Makefile	Sun Apr 18 08:38:48 2004
+++ neon/Makefile	Wed May 19 13:15:34 2004
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	neon
-PORTVERSION=	0.24.5
+PORTVERSION=	0.24.6
 CATEGORIES=	www
 MASTER_SITES=	http://www.webdav.org/neon/
 
diff -ruN neon.orig/distinfo neon/distinfo
--- neon.orig/distinfo	Sun Apr 18 08:38:48 2004
+++ neon/distinfo	Wed May 19 13:17:31 2004
@@ -1,2 +1,2 @@
-MD5 (neon-0.24.5.tar.gz) = 69c2a079ea0ab01c6c39e8e01a58c665
-SIZE (neon-0.24.5.tar.gz) = 599383
+MD5 (neon-0.24.6.tar.gz) = e9473de23f9a57b23247d005efb5ebd7
+SIZE (neon-0.24.6.tar.gz) = 600129

--- neon-0.24.6.patch ends here ---



>Release-Note:
>Audit-Trail:

From: Frank Ruell <stoerte@dreamwarrior.net>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: ports/66871: 
Date: Wed, 19 May 2004 14:13:36 +0200

 Please close this PR, see ports/66874 instead.
 Sorry for any inconvenience this created.
 
 Frank
State-Changed-From-To: open->closed 
State-Changed-By: linimon 
State-Changed-When: Wed May 19 05:22:25 PDT 2004 
State-Changed-Why:  
See ports/66874 instead. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=66871 
>Unformatted:
