FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-27 12:04:33 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
1d6410e8-06c1-11ec-a35d-03ca114d16d6fetchmail -- STARTTLS bypass vulnerabilities

Problem:

In certain circumstances, fetchmail 6.4.21 and older would not encrypt the session using STARTTLS/STLS, and might not have cleared session state across the TLS negotiation.


Discovery 2021-08-10
Entry 2021-08-26
fetchmail
< 6.4.22.r1

CVE-2021-39272
https://www.fetchmail.info/fetchmail-SA-2021-02.txt
cbfd1874-efea-11eb-8fe9-036bd763ff35fetchmail -- 6.4.19 and older denial of service or information disclosure

Matthias Andree reports:

When a log message exceeds c. 2 kByte in size, for instance, with very long header contents, and depending on verbosity option, fetchmail can crash or misreport each first log message that requires a buffer reallocation.


Discovery 2021-07-07
Entry 2021-07-28
Modified 2021-08-03
fetchmail
< 6.3.9

>= 6.3.17 lt 6.4.20

CVE-2021-36386
CVE-2008-2711
https://sourceforge.net/p/fetchmail/mailman/message/37327392/