Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 3 Aug 2021 18:19:27 GMT
From:      Matthias Andree <mandree@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: b956528b42f1 - main - security/vuxml: update fetchmail CVE-2021-36386 vuln
Message-ID:  <202108031819.173IJRbs060294@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch main has been updated by mandree:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b956528b42f11820ce690c51e452bf745084fd5e

commit b956528b42f11820ce690c51e452bf745084fd5e
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2021-08-03 15:29:46 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2021-08-03 18:19:14 +0000

    security/vuxml: update fetchmail CVE-2021-36386 vuln
    
    this vuln was a reintroduction of CVE-2008-2711 which got fixed in
    fetchmail 6.3.9, when 6.3.17 refactored code.
    
    - restrict range (>= 6.3.9 < 6.3.17 unaffected)
    - add reference to old CVE-2008-2711
    
    URL:            https://www.fetchmail.info/fetchmail-SA-2021-01.txt
    Security:       cbfd1874-efea-11eb-8fe9-036bd763ff35
    Security:       CVE-2021-36386
    Security:       CVE-2008-2711
---
 security/vuxml/vuln-2021.xml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml
index 4029b4cac0ca..bcc078f0d575 100644
--- a/security/vuxml/vuln-2021.xml
+++ b/security/vuxml/vuln-2021.xml
@@ -190,7 +190,8 @@ In limited circumstances it was possible for users to authenticate using variati
     <affects>
       <package>
 	<name>fetchmail</name>
-	<range><lt>6.4.20</lt></range>
+	<range><lt>6.3.9</lt></range>
+	<range><ge>6.3.17</ge><lt>6.4.20</lt></range>
       </package>
     </affects>
     <description>
@@ -205,11 +206,13 @@ In limited circumstances it was possible for users to authenticate using variati
     </description>
     <references>
       <cvename>CVE-2021-36386</cvename>
+      <cvename>CVE-2008-2711</cvename>
       <url>https://sourceforge.net/p/fetchmail/mailman/message/37327392/</url>;
     </references>
     <dates>
       <discovery>2021-07-07</discovery>
       <entry>2021-07-28</entry>
+      <modified>2021-08-03</modified>
     </dates>
   </vuln>
 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202108031819.173IJRbs060294>