[dbmail] Updated (2.0.10 -> 2.2.9) : SECURITY - MEDIUM

CVE-2007-6714 (Medium) : DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.
17 years ago · fda9060b2f
2 changed files with 5 additions and 6 deletions
--- a/mail/dbmail/dbmail.conf
+++ b/mail/dbmail/dbmail.conf
@ -1,8 +1,8 @@
-
 # --- SDE-COPYRIGHT-NOTE-BEGIN ---
 # This copyright note is auto-generated by ./scripts/Create-CopyPatch.
 #
 # Filename: package/.../dbmail/dbmail.conf
+# Copyright (C) 2008 The OpenSDE Project
 # Copyright (C) 2004 - 2006 The T2 SDE Project
 # Copyright (C) 1998 - 2003 Clifford Wolf
 #
@ -16,7 +16,7 @@

 case "${SDECFG_PKG_DBMAIL_DB}" in
 	mysql)
-		var_append extraconfopt ' ' "--with-mysql=/opt/mysql/include/mysql/"
+		var_append extraconfopt ' ' "--with-mysql"
 		var_append LDFLAGS ' ' "-L/opt/mysql/lib/mysql/"
 		export LDFLAGS ;;
 	postgresql)
--- a/mail/dbmail/dbmail.desc
+++ b/mail/dbmail/dbmail.desc
@ -1,9 +1,8 @@
-
 [COPY] --- SDE-COPYRIGHT-NOTE-BEGIN ---
 [COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
 [COPY]
 [COPY] Filename: package/.../dbmail/dbmail.desc
-[COPY] Copyright (C) 2006 The OpenSDE Project
+[COPY] Copyright (C) 2006 - 2008 The OpenSDE Project
 [COPY] Copyright (C) 2004 - 2006 The T2 SDE Project
 [COPY] Copyright (C) 1998 - 2003 Clifford Wolf
 [COPY]
@ -31,9 +30,9 @@

 [L] GPL
 [S] Stable
-[V] 2.0.10
+[V] 2.2.9
 [P] X -----5---9 205.100

 [CV-URL] http://www.dbmail.org/index.php?page=download

-[D] 3291130531 dbmail-2.0.10.tar.gz http://www.dbmail.org/download/2.0/
+[D] 2519770305 dbmail-2.2.9.tar.gz http://www.dbmail.org/download/2.2/