FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-20 14:15:46 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
d2a43243-087b-11db-bc36-0008743bf21a	mutt -- Remote Buffer Overflow Vulnerability SecurityFocus reports: Mutt is prone to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. This issue may allow remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely crash the application, denying further service to legitimate users. Discovery 2006-06-26 Entry 2006-06-30 mutt mutt-lite <= 1.4.2.1_2 mutt-devel mutt-devel-lite <= 1.5.11_2 ja-mutt <= 1.4.2.1.j1 zh-mutt-devel <= 1.5.11_20040617 ja-mutt-devel <= 1.5.6.j1_2 mutt-ng <= 20060501 18642 http://dev.mutt.org/cgi-bin/gitweb.cgi?p=mutt/.git;a=commit;h=dc0272b749f0e2b102973b7ac43dbd3908507540
49314321-7fd4-11e1-9582-001b2134ef46	mutt-devel -- failure to check SMTP TLS server certificate Dave B reports on Full Disclosure: It seems that mutt fails to check the validity of a SMTP servers certificate during a TLS connection. [...] This means that an attacker could potentially MITM a mutt user connecting to their SMTP server even when the user has forced a TLS connection. Discovery 2012-03-08 Entry 2012-04-06 mutt-devel < 1.5.21_4 CVE-2011-1429 http://seclists.org/fulldisclosure/2011/Mar/87

VuXML ID

Description

d2a43243-087b-11db-bc36-0008743bf21a

mutt -- Remote Buffer Overflow Vulnerability

SecurityFocus reports:

Mutt is prone to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

This issue may allow remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely crash the application, denying further service to legitimate users.

Discovery 2006-06-26
Entry 2006-06-30
mutt
mutt-lite

<= 1.4.2.1_2

mutt-devel
mutt-devel-lite

<= 1.5.11_2

ja-mutt

<= 1.4.2.1.j1

zh-mutt-devel

<= 1.5.11_20040617

ja-mutt-devel

<= 1.5.6.j1_2

mutt-ng

<= 20060501

18642
http://dev.mutt.org/cgi-bin/gitweb.cgi?p=mutt/.git;a=commit;h=dc0272b749f0e2b102973b7ac43dbd3908507540

49314321-7fd4-11e1-9582-001b2134ef46

mutt-devel -- failure to check SMTP TLS server certificate

Dave B reports on Full Disclosure:

It seems that mutt fails to check the validity of a SMTP servers certificate during a TLS connection. [...] This means that an attacker could potentially MITM a mutt user connecting to their SMTP server even when the user has forced a TLS connection.

Discovery 2012-03-08
Entry 2012-04-06
mutt-devel

< 1.5.21_4

CVE-2011-1429
http://seclists.org/fulldisclosure/2011/Mar/87