FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
1cae628c-3569-11e0-8e81-0022190034c0rubygem-mail -- Remote Arbitrary Shell Command Injection Vulnerability

Secunia reports:

Input passed via an email from address is not properly sanitised in the "deliver()" function (lib/mail/network/delivery_methods/sendmail.rb) before being used as a command line argument. This can be exploited to inject arbitrary shell commands.


Discovery 2011-01-25
Entry 2011-02-10
rubygem-mail
< 2.2.15

46021
CVE-2011-0739
http://secunia.com/advisories/43077/
http://groups.google.com/group/mail-ruby/browse_thread/thread/e93bbd05706478dd?pli=1
3d55b961-9a2e-11e1-a2ef-001fd0af1a4crubygem-mail -- multiple vulnerabilities

rubygem-mail -- multiple vulnerabilities

Two issues were fixed. They are a file system traversal in file_delivery method and arbitrary command execution when using exim or sendmail from the command line.


Discovery 2012-03-14
Entry 2012-05-09
rubygem-mail
< 2.4.4

CVE-2012-2139
CVE-2012-2140
http://seclists.org/oss-sec/2012/q2/190