FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-24 11:27:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a59afa47-c930-11dc-810c-0016179b2dd5claws-mail -- insecure temporary file creation

Nico Golde reports:

A local attacker could exploit this vulnerability to conduct symlink attacks to overwrite files with the privileges of the user running Claws Mail.


Discovery 2007-12-03
Entry 2008-01-22
Modified 2008-02-12
claws-mail
< 3.1.0

26676
CVE-2007-6208
http://www.gentoo.org/security/en/glsa/glsa-200801-03.xml
http://security.gentoo.org/glsa/glsa-200801-03.xml
http://secunia.com/advisories/27897
51358314-bec8-11e5-82cd-bcaec524bf84claws-mail -- no bounds checking on the output buffer in conv_jistoeuc, conv_euctojis, conv_sjistoeuc

DrWhax reports:

So in codeconv.c there is a function for Japanese character set conversion called conv_jistoeuc(). There is no bounds checking on the output buffer, which is created on the stack with alloca() Bug can be triggered by sending an email to TAILS_luser@riseup.net or whatever. Since my C is completely rusty, you might be able to make a better judgment on the severity of this issue. Marking critical for now.


Discovery 2015-11-04
Entry 2016-01-19
claws-mail
< 3.13.2

CVE-2015-8614
https://security-tracker.debian.org/tracker/CVE-2015-8614