FreeBSD Bugzilla – Attachment 221829 Details for
Bug 252931
security/vuxml: mutt DOS fixed in 2.0.5
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Add DOS from mutt < 2.0.5
0001-security-vuxml-add-mail-mutt-DOS-fix-in-2.0.5.patch (text/plain), 1.86 KB, created by
Derek Schrock
on 2021-01-23 05:06:14 UTC
(
hide
)
Description:
Add DOS from mutt < 2.0.5
Filename:
MIME Type:
Creator:
Derek Schrock
Created:
2021-01-23 05:06:14 UTC
Size:
1.86 KB
patch
obsolete
>From ce298bde21035c00a959d5f0eaae90f959cf0bce Mon Sep 17 00:00:00 2001 >From: Derek Schrock <dereks@lifeofadishwasher.com> >Date: Fri, 22 Jan 2021 22:31:39 -0500 >Subject: [PATCH] security/vuxml: add mail/mutt DOS fix in 2.0.5 > >--- > security/vuxml/vuln.xml | 33 +++++++++++++++++++++++++++++++++ > 1 file changed, 33 insertions(+) > >diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml >index 44c01e9f86..78b2a4e5e1 100644 >--- a/security/vuxml/vuln.xml >+++ b/security/vuxml/vuln.xml >@@ -77,6 +77,39 @@ Notes: > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="387bbade-5d1d-11eb-bf20-4437e6ad11c4"> >+ <topic>mutt -- denial of service</topic> >+ <affects> >+ <package> >+ <name>mutt</name> >+ <range><lt>2.0.5</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Tavis Ormandy reports:</p> >+ <blockquote cite="https://gitlab.com/muttmua/mutt/-/issues/323"> >+ <p> >+ rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a >+ denial of service (mailbox unavailability) by sending email messages >+ with sequences of semicolon characters in RFC822 address fields >+ (aka terminators of empty groups). A small email message from the >+ attacker can cause large memory consumption, and the victim >+ may then be unable to see email messages from other persons. >+ </p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>https://gitlab.com/muttmua/mutt/-/issues/323</url> >+ <cvename>CVE-2021-3181</cvename> >+ </references> >+ <dates> >+ <discovery>2021-01-17</discovery> >+ <entry>2021-01-23</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="4ed0e43c-5cef-11eb-bafd-3065ec8fd3ec"> > <topic>chromium -- multiple vulnerabilities</topic> > <affects> >-- >2.30.0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=221829">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 252931
: 221829