svn commit: r562408 - head/security/vuxml
Juraj Lutter
otis at FreeBSD.org
Sat Jan 23 18:19:40 UTC 2021
Author: otis
Date: Sat Jan 23 18:19:40 2021
New Revision: 562408
URL: https://svnweb.freebsd.org/changeset/ports/562408
Log:
security/vuxml: Document mail/mutt vulnerability
Document mail/mutt vulnerability CVE-2021-3181
PR: 252931
Submitted by: Derek Schrock <dereks at lifeofadishwasher.com>
Reported by: Derek Schrock <dereks at lifeofadishwasher.com>
Reviewed by: osa (mentor)
Approved by: osa (mentor)
Differential Revision: https://reviews.freebsd.org/D28308
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sat Jan 23 18:14:51 2021 (r562407)
+++ head/security/vuxml/vuln.xml Sat Jan 23 18:19:40 2021 (r562408)
@@ -77,6 +77,39 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="387bbade-5d1d-11eb-bf20-4437e6ad11c4">
+ <topic>mutt -- denial of service</topic>
+ <affects>
+ <package>
+ <name>mutt</name>
+ <range><lt>2.0.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Tavis Ormandy reports:</p>
+ <blockquote cite="https://gitlab.com/muttmua/mutt/-/issues/323">
+ <p>
+ rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a
+ denial of service (mailbox unavailability) by sending email messages
+ with sequences of semicolon characters in RFC822 address fields
+ (aka terminators of empty groups). A small email message from the
+ attacker can cause large memory consumption, and the victim
+ may then be unable to see email messages from other persons.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://gitlab.com/muttmua/mutt/-/issues/323</url>
+ <cvename>CVE-2021-3181</cvename>
+ </references>
+ <dates>
+ <discovery>2021-01-17</discovery>
+ <entry>2021-01-23</entry>
+ </dates>
+ </vuln>
+
<vuln vid="31344707-5d87-11eb-929d-d4c9ef517024">
<topic>MySQL -- Multiple vulnerabilities</topic>
<affects>
More information about the svn-ports-all
mailing list