(-)vuln.xml (+36 lines)
Lines 58-63 Link Here
58
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
58
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
59
-->
59
-->
60
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
60
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
61
  <vuln vid="bd98066d-4ea4-11eb-b412-e86a64caca56">
62
    <topic>mail/dovecot -- multiple vulnerabilities</topic>
63
    <affects>
64
      <package>
65
	<name>dovecot</name>
66
	<range><lt>2.3.13</lt></range>
67
      </package>
68
    </affects>
69
    <description>
70
      <body xmlns="http://www.w3.org/1999/xhtml">
71
	<p>Aki Tuomi reports:</p>
72
	<blockquote cite="https://dovecot.org/pipermail/dovecot-news/2021-January/000450.html">
73
	  <p>When imap hibernation is active, an attacker can cause Dovecot to
74
	    discover file system directory structure and access other users'
75
	    emails using specially crafted command.
76
	    The attacker must have valid credentials to access the
77
	    mail server.</p>
78
	</blockquote>
79
	<blockquote cite="https://dovecot.org/pipermail/dovecot-news/2021-January/000451.html">
80
	  <p>Mail delivery / parsing crashed when the 10 000th MIME part was
81
	    message/rfc822 (or if parent was multipart/digest). This happened
82
	    due to earlier MIME parsing changes for CVE-2020-12100.</p>
83
	</blockquote>
84
      </body>
85
    </description>
86
    <references>
87
      <url>https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html</url>
88
      <cvename>CVE-2020-24386</cvename>
89
      <cvename>CVE-2020-25275</cvename>
90
    </references>
91
    <dates>
92
      <discovery>2020-08-17</discovery>
93
      <entry>2021-01-04</entry>
94
    </dates>
95
  </vuln>
96
61
  <vuln vid="85349584-3ba4-11eb-919d-08002728f74c">
97
  <vuln vid="85349584-3ba4-11eb-919d-08002728f74c">
62
    <topic>jasper -- heap overflow vulnerability</topic>
98
    <topic>jasper -- heap overflow vulnerability</topic>
63
    <affects>
99
    <affects>
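
Review bot: In the new dovecot entry's <references> block, the only <url> is dovecot-news/2021-January/000448.html, while the two blockquotes cite 000450.html and 000451.html, so a reader following the references never reaches the advisories that are quoted. Either add both cited advisory URLs as <url> elements alongside 000448, or confirm that 000448 is meant to be the umbrella announcement. The <topic> also reads "mail/dovecot -- multiple vulnerabilities", whereas the neighbouring entry uses the bare port name ("jasper -- heap overflow vulnerability"); dropping the "mail/" prefix would keep the topics consistent. Since the comment just above the insertion point reminds submitters about port variants, please also confirm that <name>dovecot</name> is the only affected package name for the <lt>2.3.13</lt> range.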

Return to bug 252415