From owner-freebsd-ports@FreeBSD.ORG Mon May 11 07:38:47 2015 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 54DC75BD; Mon, 11 May 2015 07:38:47 +0000 (UTC) Received: from mail-oi0-x235.google.com (mail-oi0-x235.google.com [IPv6:2607:f8b0:4003:c06::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 20063191A; Mon, 11 May 2015 07:38:47 +0000 (UTC) Received: by oica37 with SMTP id a37so98077328oic.0; Mon, 11 May 2015 00:38:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=0ceFe/snchOTr/L74w8aGKkvTPvRyZZqrXrYTP/BdSg=; b=X+HUjE9SUinS3rYh265U1hVWnm/U663D4jX+mZ09YGsBPUXblB8dOO64IQWORy48r0 NarWGl1ZhSpfugahPCD9J72FgMIPQ3Wa712CQ42BVcNBDIe4OvuwloQjVt5G03ry+rhg R/Hd1kjK22ujlDFNJ0yaVAXK6r4pyy69eGcW4H5cdfSikbiVFUcuNR1is4lpVdNkZTGl rgGWpt63U1LxD2ply4go2xGScEvk/opM0pyjygjoz91iAUQMlCcDc299/Jn+2ExBxZfK STbAAviLCX5nWevvHz+cTh2pH30rr9MXKT9Hb9yWju8Fn7f+mQPBvRa3o0qjxepYj6ll T0gg== MIME-Version: 1.0 X-Received: by 10.60.82.4 with SMTP id e4mr7055240oey.42.1431329926287; Mon, 11 May 2015 00:38:46 -0700 (PDT) Received: by 10.182.18.7 with HTTP; Mon, 11 May 2015 00:38:46 -0700 (PDT) Date: Mon, 11 May 2015 09:38:46 +0200 Message-ID: Subject: Wrong security audit for mail/postfix ? From: Cristiano Deana To: FreeBSD Stable Mailing List , freebsd-security@freebsd.org, freebsd-ports@freebsd.org Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 May 2015 07:38:47 -0000 Hi, this morning I got for my mailservers # pkg audit postfix-2.11.4,1 is vulnerable: postfix -- plaintext command injection with SMTP over TLS CVE: CVE-2011-0411 WWW: http://vuxml.FreeBSD.org/freebsd/14a6f516-502f-11e0-b448-bbfa2731f9c7.html postfix-2.11.4,1 is vulnerable: Postfix -- memory corruption vulnerability CVE: CVE-2011-1720 WWW: http://vuxml.FreeBSD.org/freebsd/3eb2c100-738b-11e0-89f4-001e90d46635.html But this is a bug from 2011, and it's blocking new install or updates of postfix packages. Who should be warned of this? Thank you. -- Cris, member of G.U.F.I Italian FreeBSD User Group http://www.gufi.org/