Date: Thu, 19 Jul 2018 15:37:57 +0000 (UTC) From: =?UTF-8?Q?Fernando_Apestegu=c3=ada?= <fernape@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r474966 - head/security/vuxml Message-ID: <201807191537.w6JFbvnO095684@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: fernape Date: Thu Jul 19 15:37:57 2018 New Revision: 474966 URL: https://svnweb.freebsd.org/changeset/ports/474966 Log: security/vuxml: add mutt vulnerabilities Include mutt vulnerabilities for mutt < 1.10.1 PR: 229810 Submitted by: dereks@lifeofadishwasher.com Approved by: tcberner (mentor) Differential Revision: https://reviews.freebsd.org/D16321 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Jul 19 14:57:45 2018 (r474965) +++ head/security/vuxml/vuln.xml Thu Jul 19 15:37:57 2018 (r474966) @@ -58,6 +58,63 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="a2f35081-8a02-11e8-8fa5-4437e6ad11c4"> + <topic>mutt -- remote code injection and path traversal vulnerability</topic> + <affects> + <package> + <name>mutt</name> + <range><lt>1.10.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Kevin J. McCarthy reports:</p> + <blockquote cite="http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20180716/000004.html">; + <p>Fixes a remote code injection vulnerability when "subscribing" + to an IMAP mailbox, either via $imap_check_subscribed, or via the + <subscribe> function in the browser menu. Mutt was generating a + "mailboxes" command and sending that along to the muttrc parser. + However, it was not escaping "`", which executes code and inserts + the result. This would allow a malicious IMAP server to execute + arbitrary code (for $imap_check_subscribed).</p> + <p>Fixes POP body caching path traversal vulnerability.</p> + <p>Fixes IMAP header caching path traversal vulnerability.</p> + <p>CVE-2018-14349 - NO Response Heap Overflow</p> + <p>CVE-2018-14350 - INTERNALDATE Stack Overflow</p> + <p>CVE-2018-14351 - STATUS Literal Length relative write</p> + <p>CVE-2018-14352 - imap_quote_string off-by-one stack overflow</p> + <p>CVE-2018-14353 - imap_quote_string int underflow</p> + <p>CVE-2018-14354 - imap_subscribe Remote Code Execution</p> + <p>CVE-2018-14355 - STATUS mailbox header cache directory traversal</p> + <p>CVE-2018-14356 - POP empty UID NULL deref</p> + <p>CVE-2018-14357 - LSUB Remote Code Execution</p> + <p>CVE-2018-14358 - RFC822.SIZE Stack Overflow</p> + <p>CVE-2018-14359 - base64 decode Stack Overflow</p> + <p>CVE-2018-14362 - POP Message Cache Directory Traversal</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2018-14349</cvename> + <cvename>CVE-2018-14350</cvename> + <cvename>CVE-2018-14351</cvename> + <cvename>CVE-2018-14352</cvename> + <cvename>CVE-2018-14353</cvename> + <cvename>CVE-2018-14354</cvename> + <cvename>CVE-2018-14355</cvename> + <cvename>CVE-2018-14356</cvename> + <cvename>CVE-2018-14357</cvename> + <cvename>CVE-2018-14358</cvename> + <cvename>CVE-2018-14359</cvename> + <cvename>CVE-2018-14362</cvename> + <url>http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20180716/000004.html</url>; + </references> + <dates> + <discovery>2018-07-15</discovery> + <entry>2018-07-17</entry> + </dates> + </vuln> + <vuln vid="fe12ef83-8b47-11e8-96cc-001a4a7ec6be"> <topic>mutt/neomutt -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201807191537.w6JFbvnO095684>