[Bug 259938] mail/libspf2: CVE-2021-20314 update to 1.2.11
Date: Fri, 19 Nov 2021 19:12:32 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259938

    Bug ID: 259938
    Summary: mail/libspf2: CVE-2021-20314 update to 1.2.11
    Product: Ports & Packages
    Version: Latest
    Hardware: Any
    OS: Any
    Status: New
    Severity: Affects Some People
    Priority: ---
    Component: Individual Port(s)
    Assignee: sunpoet@FreeBSD.org
    Reporter: supportme@ukr.net
    Flags: maintainer-feedback?(sunpoet@FreeBSD.org)

Please see https://seclists.org/oss-sec/2021/q3/94

Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to denial of service and potentially code execution via maliciously crafted SPF explanation messages.

CVE-2021-20314 has been assigned to this issue.

An updated version of libspf2 (1.2.11), which also fixes other security-related issues, is available from GitHub (https://github.com/shevek/libspf2).

The libspf2 website (https://www.libspf2.org/download.html) and latest release there is NOT UPDATED YET.