git: 377603c4bf37 - main - security/vuxml: Add CVE-2022-1328 mail/mutt < 2.2.3
Date: Fri, 15 Apr 2022 17:08:37 UTC
The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=377603c4bf37e99f05751916266e2456fad689e8 commit 377603c4bf37e99f05751916266e2456fad689e8 Author: Derek Schrock <dereks@lifeofadishwasher.com> AuthorDate: 2022-04-13 06:36:41 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2022-04-15 17:06:04 +0000 security/vuxml: Add CVE-2022-1328 mail/mutt < 2.2.3 ChangeLog: https://gitlab.com/muttmua/mutt/-/issues/404 PR: 263247 Reported by: dereks@lifeofadishwasher.com --- security/vuxml/vuln-2022.xml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index 88c3c22640e6..b08e2c2f17aa 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -255,6 +255,32 @@ </dates> </vuln> + <vuln vid="6eb9cf14-bab0-11ec-8f59-4437e6ad11c4"> + <topic>mutt -- mutt_decode_uuencoded() can read past the of the input line</topic> + <affects> + <package> + <name>mutt</name> + <range><lt>2.2.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Tavis Ormandy reports:</p> + <blockquote cite="https://gitlab.com/muttmua/mutt/-/issues/404"> + <p>mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in message parts, for example fragments of other messages, passphrases or keys in replys</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2022-1328</cvename> + <url>https://gitlab.com/muttmua/mutt/-/issues/404</url> + </references> + <dates> + <discovery>2022-04-04</discovery> + <entry>2022-04-12</entry> + </dates> + </vuln> + <vuln vid="b582a85a-ba4a-11ec-8d1e-3065ec8fd3ec"> <topic>Chromium -- mulitple vulnerabilities</topic> <affects>
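Review bot: The added `<topic>` reads "mutt_decode_uuencoded() can read past the of the input line", which is missing a word; it presumably should say "can read past the end of the input line". The topic is the one-line summary of the entry, so it is worth fixing there even though the blockquote has to stay verbatim as a quotation from the upstream issue. Separately, `<entry>2022-04-12</entry>` predates both the AuthorDate (2022-04-13) and the CommitDate (2022-04-15) shown in the commit header; please confirm the entry date reflects when the entry actually lands in vuln-2022.xml. The range `<lt>2.2.3</lt>` covers only the package name `mutt`; if the port is also built under other package names or flavors, those would need their own `<name>` lines, which cannot be judged from this hunk alone.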