Bug 229810

Summary: security/vuxml: add entry for mail/mutt 1.10.1
Product: Ports & Packages Reporter: Derek Schrock <dereks>
Component: Individual Port(s)Assignee: Fernando Apesteguía <fernape>
Status: Closed FIXED    
Severity: Affects Some People CC: fernape, ports-secteam
Priority: --- Flags: dereks: merge-quarterly?
Version: Latest   
Hardware: Any   
OS: Any   
URL: http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20180716/000004.html
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229809
Attachments:
Description Flags
Add entry for mail/mutt 1.10.1
none
new entry from master with CVEs none

Description Derek Schrock 2018-07-16 18:53:42 UTC 
Created attachment 195177 [details]
Add entry for mail/mutt 1.10.1

Add entry for mail/mutt 1.10.1

This is related to bug #229809
Comment 1 Derek Schrock 2018-07-17 19:21:45 UTC 
The CVEs were just released for 1.10.1:

CVE-2018-14349 - NO Response Heap Overflowg                                                                                                                                                                                          CVE-2018-14350 - INTERNALDATE Stack Overflowg
CVE-2018-14351 - STATUS Literal Length relative writeg                                                                                                                                                                               CVE-2018-14352 - imap_quote_string off-by-one stack overflowg
CVE-2018-14353 - imap_quote_string int underflowg
CVE-2018-14354 - imap_subscribe Remote Code Executiong
CVE-2018-14355 - STATUS mailbox header cache directory traversalg                                                                                                                                                                    CVE-2018-14356 - POP empty UID NULL derefg
CVE-2018-14357 - LSUB Remote Code Executiong
CVE-2018-14358 - RFC822.SIZE Stack Overflowg
CVE-2018-14359 - base64 decode Stack Overflowg
CVE-2018-14362 - POP Message Cache Directory Traversalg

If you want a new patch I can generate one.
Comment 2 Fernando Apesteguía freebsd_committer freebsd_triage 2018-07-17 19:44:44 UTC 
(In reply to Derek Schrock from comment #1)

Yes, please. That would be great.
Comment 3 Derek Schrock 2018-07-17 21:23:36 UTC 
Created attachment 195221 [details]
new entry from master with CVEs

Added CVEs and used updated master security/vuxml
Comment 4 commit-hook freebsd_committer freebsd_triage 2018-07-19 15:38:42 UTC 
A commit references this bug:

Author: fernape
Date: Thu Jul 19 15:37:58 UTC 2018
New revision: 474966
URL: https://svnweb.freebsd.org/changeset/ports/474966

Log:
  security/vuxml: add mutt vulnerabilities

  Include mutt vulnerabilities for mutt < 1.10.1

  PR:	229810
  Submitted by:	dereks@lifeofadishwasher.com
  Approved by:	tcberner (mentor)
  Differential Revision:	https://reviews.freebsd.org/D16321

Changes:
  head/security/vuxml/vuln.xml
Comment 5 Fernando Apesteguía freebsd_committer freebsd_triage 2018-07-19 15:40:13 UTC 
Committed,

Thanks!