FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 05:42:14 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a64aa22f-61ec-11e9-85b9-a4badb296695dovecot -- json encoder crash

Aki Tuomi reports:

* CVE-2019-10691: Trying to login with 8bit username containing invalid UTF8 input causes auth process to crash if auth policy is enabled. This could be used rather easily to cause a DoS. Similar crash also happens during mail delivery when using invalid UTF8 in From or Subject header when OX push notification driver is used.


Discovery 2019-04-09
Entry 2019-04-18
Modified 2019-05-26
dovecot
>= 2.3.0 lt 2.3.5.2

dovecot2
>= 2.3.0 lt 2.3.5.2

https://dovecot.org/pipermail/dovecot-news/2019-April/000407.html
CVE-2019-10691
a8c8001b-216c-11e7-80aa-005056925db4dovecot -- Dovecot DoS when passdb dict was used for authentication

Timo Sirainen reports:

passdb/userdb dict: Don't double-expand %variables in keys. If dict was used as the authentication passdb, using specially crafted %variables in the username could be used to cause DoS.


Discovery 2016-12-01
Entry 2017-04-30
dovecot
dovecot2
> 2.2.25_6 lt 2.2.29

CVE-2017-2669
https://dovecot.org/list/dovecot-news/2017-April/000341.html
https://dovecot.org/list/dovecot-news/2017-April/000342.html