259172 – mail/squirrelmail: Request to update to a newer snapshot

Bug 259172 - mail/squirrelmail: Request to update to a newer snapshot

Summary: mail/squirrelmail: Request to update to a newer snapshot

Status:	Closed Not A Bug

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	freebsd-ports-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-10-14 20:37 UTC by Alexander Vereeken
Modified:	2021-10-24 18:10 UTC (History)
CC List:	2 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (uzsolt)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Vereeken freebsd_triage

2021-10-14 20:37:06 UTC

Hello dear maintainer,

a user from the forum would like to see a newer snap of your port because he suffers from CVE-2020-14933.

See: https://forums.freebsd.org/threads/has-squirrelmail-cve-2020-14933-been-patched.82447/#post-536915

Thank you in advance!

Comment 1 James B. Byrne 2021-10-15 16:34:07 UTC

Please see: https://forums.freebsd.org/threads/has-squirrelmail-cve-2020-14933-been-patched.82447/#post-537027

Project team claims there is no vulnerability. Investigation shows that this CVE was created through a misinformed post on Openwall (https://www.openwall.com/lists/oss-security/2020/06/20/1). 

However, to negate this CVE requires a notice be sent to NIST by either the vendor (FreeBSD) or the developer (SquirrelMail) or both.

Comment 2 Alexander Vereeken freebsd_triage

2021-10-24 18:10:22 UTC

Alright, thanks!