[MacPorts] #49044: Patch/Update procmail because of CVE-2014-3618
MacPorts
noreply at macports.org
Thu Oct 1 16:21:56 PDT 2015
#49044: Patch/Update procmail because of CVE-2014-3618
----------------------+--------------------------------
Reporter: sierkb@… | Owner: macports-tickets@…
Type: update | Status: new
Priority: High | Milestone:
Component: ports | Version:
Keywords: security | Port: procmail
----------------------+--------------------------------
CVE-2014-3618: ''Heap-based buffer overflow in formisc.c in formail in
procmail 3.22 allows remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via a crafted email header, related to
"unbalanced quotes."''[[BR]]
[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3618],[[BR]]
[https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3618]
Since Apple hast removed procmail from OS X since OS X 10.11 (see
[https://support.apple.com/de-de/HT205267]), a most recent and security
patched procmail provided by MacPorts might be wise.
Homebrew already has reacted accordingly:
[https://github.com/Homebrew/homebrew/pull/43686].
--
Ticket URL: <https://trac.macports.org/ticket/49044>
MacPorts <https://www.macports.org/>
Ports system for OS X
More information about the macports-tickets
mailing list