From eikemeier@fillmore-labs.com  Mon Aug 23 17:49:21 2004
Return-Path: <eikemeier@fillmore-labs.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 150E016A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 23 Aug 2004 17:49:21 +0000 (GMT)
Received: from fillmore.dyndns.org (port-212-202-50-15.dynamic.qsc.de [212.202.50.15])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B066343D3F
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 23 Aug 2004 17:49:19 +0000 (GMT)
	(envelope-from eikemeier@fillmore-labs.com)
Received: from dhcp-10.local ([172.16.0.10])
	by fillmore.dyndns.org with esmtp (TLSv1:DES-CBC3-SHA:168)
	(Exim 4.41 (FreeBSD))
	id 1BzIwW-000En0-La; Mon, 23 Aug 2004 19:49:19 +0200
Message-Id: <C3F34BAE-F52C-11D8-8CAA-00039312D914@fillmore-labs.com>
Date: Mon, 23 Aug 2004 19:49:22 +0200
From: Oliver Eikemeier <eikemeier@fillmore-labs.com>
To: Esa Karkkainen <ejk@iki.fi>
Cc: FreeBSD-gnats-submit@freebsd.org, jus@security.za.net
In-Reply-To: <200408231631.i7NGVh8s064540@thunderbolt.my.domain>
Subject: Re: Security update port: mail/ripmime from 1.3.2.2 to 1.3.2.3

>Number:         70876
>Category:       ports
>Synopsis:       Re: Security update port: mail/ripmime from 1.3.2.2 to 1.3.2.3
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 23 17:50:22 GMT 2004
>Closed-Date:    Thu Aug 26 01:56:14 GMT 2004
>Last-Modified:  Thu Aug 26 01:56:14 GMT 2004
>Originator:     
>Release:        
>Organization:
>Environment:
>Description:
 Esa Karkkainen wrote:
 
 > Security update to mail/ripmime. Version 1.3.2.3 supposedly has fix to
 > "ripMIME attachment extraction bypass". For more information can be 
 > found at
 >
 > http://www.freebsd.org/ports/portaudit/85e19dff-e606-11d8-9b0a-000347a4fa7d.
 > html
 >
 > Information I read at above mentioned URL is also the reason why I 
 > submitted
 > this PR. Above mentioned URL contains reference to
 > "ports/security/vuxml/vuln.xml". I did not find any reference to
 > "ripMIME attachment extraction bypass" when I searched the "vuln.xml".
 
 Sorry, the website creation script is too simplistic. I'll fix that, 
 thanks for the heads-up.
 -Oliver
 
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: linimon 
State-Changed-When: Thu Aug 26 01:55:37 GMT 2004 
State-Changed-Why:  
Misfiled followup. 


Responsible-Changed-From-To: gnats-admin->freebsd-ports-bugs 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Thu Aug 26 01:55:37 GMT 2004 
Responsible-Changed-Why:  

http://www.freebsd.org/cgi/query-pr.cgi?pr=70876 
>Unformatted:
