Bug 259172 - mail/squirrelmail: Request to update to a newer snapshot
Summary: mail/squirrelmail: Request to update to a newer snapshot
Status: Closed Not A Bug
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-ports-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-10-14 20:37 UTC by Alexander Vereeken
Modified: 2021-10-24 18:10 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (uzsolt)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Vereeken 2021-10-14 20:37:06 UTC
Hello dear maintainer,

a user from the forum would like to see a newer snap of your port because he suffers from CVE-2020-14933.

See: https://forums.freebsd.org/threads/has-squirrelmail-cve-2020-14933-been-patched.82447/#post-536915

Thank you in advance!
Comment 1 James B. Byrne 2021-10-15 16:34:07 UTC
Please see: https://forums.freebsd.org/threads/has-squirrelmail-cve-2020-14933-been-patched.82447/#post-537027

Project team claims there is no vulnerability. Investigation shows that this CVE was created through a misinformed post on Openwall (https://www.openwall.com/lists/oss-security/2020/06/20/1). 

However, to negate this CVE requires a notice be sent to NIST by either the vendor (FreeBSD) or the developer (SquirrelMail) or both.
Comment 2 Alexander Vereeken 2021-10-24 18:10:22 UTC
Alright, thanks!