FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
d62ec98e-97d8-11e5-8c0e-080027b00c2e	cyrus-imapd -- integer overflow in the start_octet addition Cyrus IMAP 2.5.7 Release Note states: CVE-2015-8077, CVE-2015-8078: protect against integer overflow in urlfetch range checks Discovery 2015-11-04 Entry 2015-12-01 cyrus-imapd25 >= 2.5.0 lt 2.5.7 cyrus-imapd24 >= 2.4.0 lt 2.4.18_2 CVE-2015-8078 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8078 http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8078.html https://security-tracker.debian.org/tracker/CVE-2015-8078 CVE-2015-8077 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8077 http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8077.html https://security-tracker.debian.org/tracker/CVE-2015-8077
3d915d96-0b1f-11ec-8d9f-080027415d17	cyrus-imapd -- multiple-minute daemon hang via input that is mishandled during hash-table interaction Cyrus IMAP 3.4.2 Release Notes states: Fixed CVE-2021-33582: Certain user inputs are used as hash table keys during processing. A poorly chosen string hashing algorithm meant that the user could control which bucket their data was stored in, allowing a malicious user to direct many inputs to a single bucket. Each subsequent insertion to the same bucket requires a strcmp of every other entry in it. At tens of thousands of entries, each new insertion could keep the CPU busy in a strcmp loop for minutes. The string hashing algorithm has been replaced with a better one, and now also uses a random seed per hash table, so malicious inputs cannot be precomputed. Discovery 2021-05-26 Entry 2021-09-01 cyrus-imapd34 < 3.4.2 cyrus-imapd32 < 3.2.8 cyrus-imapd30 < 3.0.16 cyrus-imapd25 cyrus-imapd24 cyrus-imapd23 > 0 CVE-2021-33582 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33582

VuXML ID

Description

d62ec98e-97d8-11e5-8c0e-080027b00c2e

cyrus-imapd -- integer overflow in the start_octet addition

Cyrus IMAP 2.5.7 Release Note states:

CVE-2015-8077, CVE-2015-8078: protect against integer overflow in urlfetch range checks

Discovery 2015-11-04
Entry 2015-12-01
cyrus-imapd25

>= 2.5.0 lt 2.5.7

cyrus-imapd24

>= 2.4.0 lt 2.4.18_2

CVE-2015-8078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8078
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8078.html
https://security-tracker.debian.org/tracker/CVE-2015-8078
CVE-2015-8077
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8077
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8077.html
https://security-tracker.debian.org/tracker/CVE-2015-8077

3d915d96-0b1f-11ec-8d9f-080027415d17

cyrus-imapd -- multiple-minute daemon hang via input that is mishandled during hash-table interaction

Cyrus IMAP 3.4.2 Release Notes states:

Fixed CVE-2021-33582: Certain user inputs are used as hash table keys during processing. A poorly chosen string hashing algorithm meant that the user could control which bucket their data was stored in, allowing a malicious user to direct many inputs to a single bucket. Each subsequent insertion to the same bucket requires a strcmp of every other entry in it. At tens of thousands of entries, each new insertion could keep the CPU busy in a strcmp loop for minutes. The string hashing algorithm has been replaced with a better one, and now also uses a random seed per hash table, so malicious inputs cannot be precomputed.

Discovery 2021-05-26
Entry 2021-09-01
cyrus-imapd34

< 3.4.2

cyrus-imapd32

< 3.2.8

cyrus-imapd30

< 3.0.16

cyrus-imapd25
cyrus-imapd24
cyrus-imapd23

> 0

CVE-2021-33582
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33582