Bug 259172

Summary: mail/squirrelmail: Request to update to a newer snapshot
Product: Ports & Packages
Reporter: Alexander Vereeken <Alexander88207>
Component: Individual Port(s)
Assignee: freebsd-ports-bugs (Nobody) <ports-bugs>
Status: Closed Not A Bug
Severity: Affects Only Me
CC: byrnejb, uzsolt
Priority: ---
Flags: bugzilla: maintainer-feedback? (uzsolt)
Version: Latest
Hardware: Any
OS: Any

Description Alexander Vereeken 2021-10-14 20:37:06 UTC
Hello dear maintainer,

a user from the forum would like to see a newer snap of your port because he suffers from CVE-2020-14933.

See: https://forums.freebsd.org/threads/has-squirrelmail-cve-2020-14933-been-patched.82447/#post-536915

Thank you in advance!

Comment 1 James B. Byrne 2021-10-15 16:34:07 UTC
Please see: https://forums.freebsd.org/threads/has-squirrelmail-cve-2020-14933-been-patched.82447/#post-537027

Project team claims there is no vulnerability. Investigation shows that this CVE was created through a misinformed post on Openwall (https://www.openwall.com/lists/oss-security/2020/06/20/1). 

However, to negate this CVE requires a notice be sent to NIST by either the vendor (FreeBSD) or the developer (SquirrelMail) or both.

Comment 2 Alexander Vereeken 2021-10-24 18:10:22 UTC
Alright, thanks!