Attachment 195221 Details for Bug 229810 – new entry from master with CVEs

[patch] new entry from master with CVEs

0001-security-vuxml-new-entry-for-mail-mutt-1.10.1.patch (text/plain), 3.61 KB, created by Derek Schrock on 2018-07-17 21:23:36 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Derek Schrock

Created: 2018-07-17 21:23:36 UTC

Size: 3.61 KB

patch

obsolete

>From 8bccf0ccf276467948908231d64e94993a107f36 Mon Sep 17 00:00:00 2001
>From: Derek Schrock <dereks@lifeofadishwasher.com>
>Date: Tue, 17 Jul 2018 17:20:08 -0400
>Subject: [PATCH] security/vuxml: new entry for mail/mutt 1.10.1
>
>---
> security/vuxml/vuln.xml | 58 +++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 58 insertions(+)
>
>diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
>index baf19ff2f426..cae46e83f8e0 100644
>--- a/security/vuxml/vuln.xml
>+++ b/security/vuxml/vuln.xml
>@@ -58,6 +58,63 @@ Notes:
> * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
> -->
> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
>+ <vuln vid="a2f35081-8a02-11e8-8fa5-4437e6ad11c4">
>+ <topic>mutt -- remote code injection and path traversal vulnerability</topic>
>+ <affects>
>+ <package>
>+	<name>mutt</name>
>+	<range><lt>1.10.1</lt></range>
>+ </package>
>+ </affects>
>+ <description>
>+ <body xmlns="http://www.w3.org/1999/xhtml">
>+	Kevin J. McCarthy reports:
>+	<blockquote cite="http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20180716/000004.html">
>+	 Fixes a remote code injection vulnerability when "subscribing"
>+	 to an IMAP mailbox, either via $imap_check_subscribed, or via the
>+	 &lt;subscribe&gt; function in the browser menu. Mutt was generating a
>+	 "mailboxes" command and sending that along to the muttrc parser.
>+	 However, it was not escaping "`", which executes code and inserts
>+	 the result. This would allow a malicious IMAP server to execute
>+	 arbitrary code (for $imap_check_subscribed).
>+	 Fixes POP body caching path traversal vulnerability.
>+	 Fixes IMAP header caching path traversal vulnerability.
>+	 CVE-2018-14349 - NO Response Heap Overflow
>+	 CVE-2018-14350 - INTERNALDATE Stack Overflow
>+	 CVE-2018-14351 - STATUS Literal Length relative write
>+	 CVE-2018-14352 - imap_quote_string off-by-one stack overflow
>+	 CVE-2018-14353 - imap_quote_string int underflow
>+	 CVE-2018-14354 - imap_subscribe Remote Code Execution
>+	 CVE-2018-14355 - STATUS mailbox header cache directory traversal
>+	 CVE-2018-14356 - POP empty UID NULL deref
>+	 CVE-2018-14357 - LSUB Remote Code Execution
>+	 CVE-2018-14358 - RFC822.SIZE Stack Overflow
>+	 CVE-2018-14359 - base64 decode Stack Overflow
>+	 CVE-2018-14362 - POP Message Cache Directory Traversal
>+	</blockquote>
>+ </body>
>+ </description>
>+ <references>
>+ <cvename>CVE-2018-14349</cvename>
>+ <cvename>CVE-2018-14350</cvename>
>+ <cvename>CVE-2018-14351</cvename>
>+ <cvename>CVE-2018-14352</cvename>
>+ <cvename>CVE-2018-14353</cvename>
>+ <cvename>CVE-2018-14354</cvename>
>+ <cvename>CVE-2018-14355</cvename>
>+ <cvename>CVE-2018-14356</cvename>
>+ <cvename>CVE-2018-14357</cvename>
>+ <cvename>CVE-2018-14358</cvename>
>+ <cvename>CVE-2018-14359</cvename>
>+ <cvename>CVE-2018-14362</cvename>
>+ <url>http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20180716/000004.html</url>
>+ </references>
>+ <dates>
>+ <discovery>2018-07-15</discovery>
>+ <entry>2018-07-17</entry>
>+ </dates>
>+ </vuln>
>+
> <vuln vid="ef013039-89cd-11e8-84e9-00e04c1ea73d">
> <topic>typo3 -- multiple vulnerabilities</topic>
> <affects>
>@@ -133,6 +190,7 @@ Notes:
> </body>
> </description>
> <references>
>+ <cvename>CVE-2018-1000180</cvename>
> <cvename>CVE-2018-1000180</cvename>
> <cvename>CVE-2018-1000613</cvename>
> <url>https://www.bouncycastle.org/latest_releases.html</url>
>-- 
>2.18.0
>

Actions: View | Diff

Attachments on bug 229810: 195177 | 195221