[jadmin] FreeBSD Ports and jabberd14 (WAS Jabberd and ICQ
transport)
Renato Botelho
rbgarga at gmail.com
Sat Sep 2 12:00:45 CDT 2006
On 9/2/06, Matthias Wimmer <m at tthias.eu> wrote:
> Hi!
>
> Renato Botelho schrieb:
> > On 8/30/06, Paul Cahill <PaulC at car-part.com> wrote:
> >> Just out of curiosity, why is the FreeBSD group removing jabberd14? Do
> >> they not know that Jabbderd14 and Jabberd2 are two totally different
> >> servers and projects?
> >
> > ===> jabber-1.4.3.1,1 has known vulnerabilities:
> > => fd_set -- bitmap index overflow in multiple applications.
> > Reference:
> > <http://www.FreeBSD.org/ports/portaudit/4c005a5e-2541-4d95-80a0-00c76919aa66.html>
> >
> >
> > This port is listed on VuXML about this vulnerability since
> > 2004-12-12, and until now, we cannot find a fix for it.
> >
> > 1.4.4 version has no fix for it too, so, some committers decided to
> > mark it as DEPRECATED, announce and wait some time for a fix.
> >
> > This fix didn't come and if it doesn't come in near future, port will
> > be removed. If a fix come in future, port can be safely re-added.
>
>
> I was not noticed about this vulnerability before 2006-06-20. A fix for
> it is at present in trunk of jabberd14. I will release updated bugfix
> releases 1.4.3.2 (fixing 1.4.3.1) and 1.4.4.1 (fixing 1.4.4) soon.
Great to hear it... =)
If you can provide me the patch, I can save the port now, before new
release comes.
Thanks for your help
--
Renato Botelho
More information about the JAdmin
mailing list