Date: Mon, 11 May 2015 10:35:58 +0200 From: olli hauer <ohauer@gmx.de> To: Cristiano Deana <cristiano.deana@gmail.com>, FreeBSD Stable Mailing List <freebsd-stable@freebsd.org>, freebsd-security@freebsd.org, freebsd-ports@freebsd.org Subject: Re: Wrong security audit for mail/postfix ? Message-ID: <35A69C37-F4ED-4235-8491-5F66E355592F@gmx.de> In-Reply-To: <CAO82ECEyOzyHapBRKjrdrTobVfP5zjNGhX_uZn9Gfu7g7NzbOw@mail.gmail.com> References: <CAO82ECEyOzyHapBRKjrdrTobVfP5zjNGhX_uZn9Gfu7g7NzbOw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On May 11, 2015 9:38:46 AM CEST, Cristiano Deana <cristiano.deana@gmail.com> wrote: > Hi, > > this morning I got for my mailservers > > # pkg audit > postfix-2.11.4,1 is vulnerable: > postfix -- plaintext command injection with SMTP over TLS > CVE: CVE-2011-0411 > WWW: > http://vuxml.FreeBSD.org/freebsd/14a6f516-502f-11e0-b448-bbfa2731f9c7.html > > postfix-2.11.4,1 is vulnerable: > Postfix -- memory corruption vulnerability > CVE: CVE-2011-1720 > WWW: > http://vuxml.FreeBSD.org/freebsd/3eb2c100-738b-11e0-89f4-001e90d46635.html > > But this is a bug from 2011, and it's blocking new install or updates > of postfix packages. > > Who should be warned of this? > > Thank you. Hi Cristiano, this should be fixed.meanwhile. Please run the command # pkg audit -F -- Regards, olli
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?35A69C37-F4ED-4235-8491-5F66E355592F>