Date: Fri, 19 Nov 2021 19:12:32 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 259938] mail/libspf2: CVE-2021-20314 update to 1.2.11 Message-ID: <bug-259938-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D259938 Bug ID: 259938 Summary: mail/libspf2: CVE-2021-20314 update to 1.2.11 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: sunpoet@FreeBSD.org Reporter: supportme@ukr.net Assignee: sunpoet@FreeBSD.org Flags: maintainer-feedback?(sunpoet@FreeBSD.org) Please see https://seclists.org/oss-sec/2021/q3/94 Stack buffer overflow in libspf2 versions below 1.2.11 when processing cert= ain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages. CVE-2021-20314 has been assigne= d to this issue. An updated version of libspf2 (1.2.11) which also fixes other security rela= ted issues is available from github (https://github.com/shevek/libspf2). The libspf2 website (https://www.libspf2.org/download.html) and latest release there is NOT UPDATED YET. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-259938-7788>