[Bug 259938] mail/libspf2: CVE-2021-20314 update to 1.2.11

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 19 Nov 2021 19:12:32 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259938

            Bug ID: 259938
           Summary: mail/libspf2: CVE-2021-20314 update to 1.2.11
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: sunpoet@FreeBSD.org
          Reporter: supportme@ukr.net
          Assignee: sunpoet@FreeBSD.org
             Flags: maintainer-feedback?(sunpoet@FreeBSD.org)

Please see https://seclists.org/oss-sec/2021/q3/94

Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain
SPF macros can lead to Denial of service and potentially code execution via
malicious crafted SPF explanation messages. CVE-2021-20314 has been assigned to
this issue.

An updated version of libspf2 (1.2.11) which also fixes other security related
issues is available from github (https://github.com/shevek/libspf2). The
libspf2 website (https://www.libspf2.org/download.html) and latest release
there is NOT UPDATED YET.

-- 
You are receiving this mail because:
You are the assignee for the bug.