Subject: Re: Wrong security audit for mail/postfix ?
From: olli hauer
Date: Mon, 11 May 2015 10:35:58 +0200
To: Cristiano Deana, FreeBSD Stable Mailing List, freebsd-security@freebsd.org, freebsd-ports@freebsd.org
Message-ID: <35A69C37-F4ED-4235-8491-5F66E355592F@gmx.de>

On May 11, 2015 9:38:46 AM CEST, Cristiano Deana wrote:
> Hi,
>
> this morning I got for my mailservers
>
> # pkg audit
> postfix-2.11.4,1 is vulnerable:
> postfix -- plaintext command injection with SMTP over TLS
> CVE: CVE-2011-0411
> WWW: http://vuxml.FreeBSD.org/freebsd/14a6f516-502f-11e0-b448-bbfa2731f9c7.html
>
> postfix-2.11.4,1 is vulnerable:
> Postfix -- memory corruption vulnerability
> CVE: CVE-2011-1720
> WWW: http://vuxml.FreeBSD.org/freebsd/3eb2c100-738b-11e0-89f4-001e90d46635.html
>
> But this is a bug from 2011, and it's blocking new install or updates
> of postfix packages.
>
> Who should be warned of this?
>
> Thank you.

Hi Cristiano,

this should be fixed meanwhile.
Please run the command

# pkg audit -F

--
Regards,
olli