svn commit: r520066 - head/security/vuxml
Cy Schubert
cy at FreeBSD.org
Fri Dec 13 20:03:39 UTC 2019
Author: cy
Date: Fri Dec 13 20:03:38 2019
New Revision: 520066
URL: https://svnweb.freebsd.org/changeset/ports/520066
Log:
Document two new spamassassin 3.4.2 vulnerabilities.
CVE-2019-12420 for Multipart Denial of Service Vulnerability
CVE-2018-11805 for nefarious CF files can be configured to run system
commands without any output or errors.
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Fri Dec 13 20:03:33 2019 (r520065)
+++ head/security/vuxml/vuln.xml Fri Dec 13 20:03:38 2019 (r520066)
@@ -58,6 +58,37 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="70111759-1dae-11ea-966a-206a8a720317">
+ <topic>spamassassin -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>spamassassin</name>
+ <range><lt>3.4.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>the Apache Spamassassin project reports:</p>
+ <blockquote cite="https://www.cybersecurity-help.cz/vdb/SB2019121311">
+ <p>An input validation error of user-supplied input parsing
+ multipart emails. Specially crafted emails can consume all
+ resources on the system.</p>
+ <p>A local user is able to execute arbitrary shell commands
+ through specially crafted nefarious CF files.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.cybersecurity-help.cz/vdb/SB2019121311</url>
+ <cvename>CVE-2019-12420</cvename>
+ <cvename>CVE-2018-11805</cvename>
+ </references>
+ <dates>
+ <discovery>2019-12-11</discovery>
+ <entry>2019-12-13</entry>
+ </dates>
+ </vuln>
+
<vuln vid="1edae47e-1cdd-11ea-8c2a-08002743b791">
<topic>samba -- multiple vulnerabilities</topic>
<affects>
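Review bot: In the new entry's <description>, the lead-in "the Apache Spamassassin project reports:" does not match the source being quoted, since the blockquote cite and the only <url> in <references> both point to cybersecurity-help.cz, a third-party advisory. Either cite the project's own announcement in both places or reword the attribution to name the source actually quoted. The lead-in should also start with a capital and use the project's spelling, "The Apache SpamAssassin project reports:". Separately, the file header in the context lines says "Do not forget port variants", while <affects> lists only spamassassin with <lt>3.4.3</lt>. Please confirm no other package ships the affected code.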