Attachment #225983 for bug #256763

View | Details | Raw Unified | Return to bug 256763
Collapse All | Expand All




  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="46a1b78f-d2dc-11eb-baa9-080027f515ea">
    <topic>Dovecot -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>dovecot</name>
	<range><lt>2.3.15</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Timo Sirainen reports:</p>
	<blockquote cite="https://dovecot.org/pipermail/dovecot-news/2021-June/000460.html">
	  <p>
	    Sieve interpreter is not protected against abusive scripts that
	    claim excessive resource usage. Especially scripts using massive
	    amounts of regexps. Attacker can DoS the mail delivery system by
	    using excessive amount of CPU and/or reaching the lmtp/lda
	    process limits.
	  </p>
	</blockquote>
	<blockquote cite="https://dovecot.org/pipermail/dovecot-news/2021-June/000461.html">
	  <p>
	    Dovecot does not correctly escape kid and azp fields in JWT tokens.
	    This may be used to supply attacker controlled keys to validate
	    tokens in some configurations. This requires attacker to be able
	    to write files to local disk. Local attacker can login as any user
	    and access their emails.
	  </p>
	</blockquote>
	<blockquote cite="https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html">
	  <p>
	    On-path attacker could inject plaintext commands before STARTTLS
	    negotiation that would be executed after STARTTLS finished with
	    the client. Only the SMTP submission service is affected.
	    Attacker can potentially steal user credentials and mails. The
	    attacker needs to have sending permissions on the submission
	    server (a valid username and password).
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-28200</cvename>
      <cvename>CVE-2021-29157</cvename>
      <cvename>CVE-2021-33515</cvename>
      <url>https://dovecot.org/pipermail/dovecot-news/2021-June/000460.html</url>
      <url>https://dovecot.org/pipermail/dovecot-news/2021-June/000461.html</url>
      <url>https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html</url>
    </references>
    <dates>
      <discovery>2021-06-21</discovery>
      <entry>2021-06-21</entry>
    </dates>
  </vuln>

  <vuln vid="0e561c06-d13a-11eb-92be-0800273f11ea">
    <topic>gitea -- multiple vulnerabilities</topic>
    <affects>
- 

Return to bug 256763

Lines 76-81 Notes: Link Here

(-)b/security/vuxml/vuln.xml (-1 / +55 lines)
76	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)	76	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
77	-->	77	-->
78	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	78	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		79	<vuln vid="46a1b78f-d2dc-11eb-baa9-080027f515ea">
		80	<topic>Dovecot -- multiple vulnerabilities</topic>
		81	<affects>
		82	<package>
		83	<name>dovecot</name>
		84	<range><lt>2.3.15</lt></range>
		85	</package>
		86	</affects>
		87	<description>
		88	<body xmlns="http://www.w3.org/1999/xhtml">
		89	<p>Timo Sirainen reports:</p>
		90	<blockquote cite="https://dovecot.org/pipermail/dovecot-news/2021-June/000460.html">
		91	<p>
		92	Sieve interpreter is not protected against abusive scripts that
		93	claim excessive resource usage. Especially scripts using massive
		94	amounts of regexps. Attacker can DoS the mail delivery system by
		95	using excessive amount of CPU and/or reaching the lmtp/lda
		96	process limits.
		97	</p>
		98	</blockquote>
		99	<blockquote cite="https://dovecot.org/pipermail/dovecot-news/2021-June/000461.html">
		100	<p>
		101	Dovecot does not correctly escape kid and azp fields in JWT tokens.
		102	This may be used to supply attacker controlled keys to validate
		103	tokens in some configurations. This requires attacker to be able
		104	to write files to local disk. Local attacker can login as any user
		105	and access their emails.
		106	</p>
		107	</blockquote>
		108	<blockquote cite="https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html">
		109	<p>
		110	On-path attacker could inject plaintext commands before STARTTLS
		111	negotiation that would be executed after STARTTLS finished with
		112	the client. Only the SMTP submission service is affected.
		113	Attacker can potentially steal user credentials and mails. The
		114	attacker needs to have sending permissions on the submission
		115	server (a valid username and password).
		116	</p>
		117	</blockquote>
		118	</body>
		119	</description>
		120	<references>
		121	<cvename>CVE-2020-28200</cvename>
		122	<cvename>CVE-2021-29157</cvename>
		123	<cvename>CVE-2021-33515</cvename>
		124	<url>https://dovecot.org/pipermail/dovecot-news/2021-June/000460.html</url>
		125	<url>https://dovecot.org/pipermail/dovecot-news/2021-June/000461.html</url>
		126	<url>https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html</url>
		127	</references>
		128	<dates>
		129	<discovery>2021-06-21</discovery>
		130	<entry>2021-06-21</entry>
		131	</dates>
		132	</vuln>
		133
79	<vuln vid="0e561c06-d13a-11eb-92be-0800273f11ea">	134	<vuln vid="0e561c06-d13a-11eb-92be-0800273f11ea">
80	<topic>gitea -- multiple vulnerabilities</topic>	135	<topic>gitea -- multiple vulnerabilities</topic>
81	<affects>	136	<affects>
82	-