FreeBSD Bugzilla – Attachment 215759 Details for
Bug 247399
security/vuxml: Add mutt 1.14.3 and 1.14.4 issues
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Add 1.14.3 and 1.14.4 issues
0001-security-vuxml-Add-mutt-1.14.3-and-1.14.4-issues.patch (text/plain), 2.54 KB, created by
Derek Schrock
on 2020-06-19 02:44:10 UTC
(
hide
)
Description:
Add 1.14.3 and 1.14.4 issues
Filename:
MIME Type:
Creator:
Derek Schrock
Created:
2020-06-19 02:44:10 UTC
Size:
2.54 KB
patch
obsolete
>From 4c0a7e58a9d5b39a13ee27824f0f80c20efbfde5 Mon Sep 17 00:00:00 2001 >From: Derek Schrock <dereks@lifeofadishwasher.com> >Date: Thu, 18 Jun 2020 22:36:35 -0400 >Subject: [PATCH] security/vuxml: Add mutt 1.14.3 and 1.14.4 issues > >1.14.4 is waiting for a CVE. Update that once it's created. >--- > security/vuxml/vuln.xml | 51 +++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 51 insertions(+) > >diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml >index 77c90c54d48f..5b4fcc2425ca 100644 >--- a/security/vuxml/vuln.xml >+++ b/security/vuxml/vuln.xml >@@ -58,6 +58,57 @@ Notes: > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="29b13a34-b1d2-11ea-a11c-4437e6ad11c4"> >+ <topic>Machine-in-the-middle response injection attack when using STARTTLS with IMAP, POP3, and SMTP</topic> >+ <affects> >+ <package> >+ <name>mutt</name> >+ <range><le>1.14.4</le></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>mutt 1.14.4 updates:</p> >+ <blockquote cite="https://gitlab.com/muttmua/mutt/-/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4"> >+ <p>Machine-in-the-middle response injection attack when using STARTTLS with IMAP, POP3, and SMTP</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>https://gitlab.com/muttmua/mutt/-/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4</url> >+ </references> >+ <dates> >+ <discovery>2020-06-16</discovery> >+ <entry>2020-06-19</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="5b397852-b1d0-11ea-a11c-4437e6ad11c4"> >+ <topic>IMAP fcc/postpone machine-in-the-middle attack</topic> >+ <affects> >+ <package> >+ <name>mutt</name> >+ <range><le>1.14.3</le></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>mutt 1.14.3 updates:</p> >+ <blockquote cite="https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01"> >+ <p>CVE-2020-14093 - IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01</url> >+ <cvename>CVE-2020-14093</cvename> >+ </references> >+ <dates> >+ <discovery>2020-06-14</discovery> >+ <entry>2020-06-19</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="f28476f7-b166-11ea-8775-507b9d01076a"> > <topic>Several issues in Lynis</topic> > <affects> >-- >2.27.0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=215759">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 247399
:
215759
|
215848