Date: Wed, 5 Jun 2024 11:35:01 GMT
Message-Id: <202406051135.455BZ1DC046461@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Hajimu UMEMOTO
Subject: git: 87af01cb1e73 - main - security/vuxml: add cyrus-imapd* < 3.8.3
List-Id: Commit messages for all branches of the ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
X-Git-Committer: ume
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 87af01cb1e736e480caf38dcbc8e93330df8ba4a
Auto-Submitted: auto-generated

The branch main has been updated by ume:

URL: https://cgit.FreeBSD.org/ports/commit/?id=87af01cb1e736e480caf38dcbc8e93330df8ba4a

commit 87af01cb1e736e480caf38dcbc8e93330df8ba4a
Author: Hajimu UMEMOTO
AuthorDate: 2024-06-05 11:32:19 +0000
Commit: Hajimu UMEMOTO
CommitDate: 2024-06-05 11:32:19 +0000

security/vuxml: add cyrus-imapd* < 3.8.3

Obtained from: https://www.cyrusimap.org/3.8/imap/download/release-notes/3.8/x/3.8.3.html
---
security/vuxml/vuln/2024.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)

diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index b1ef1325f5b3..f0c1c2cb94e2 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,45 @@ + + cyrus-imapd -- unbounded memory allocation + + + cyrus-imapd38 + 3.8.2_1 + + + cyrus-imapd36 + 3.6.4_1 + + + cyrus-imapd34 + 3.4.7_1 + + + cyrus-imapd32 + cyrus-imapd30 + cyrus-imapd25 + 0 + + + + +

Cyrus IMAP 3.8.3 Release Notes states:

+
+

Fixed CVE-2024-34055: Cyrus-IMAP through 3.8.2 and 3.10.0-beta2 allow authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.

+

The IMAP protocol allows for command arguments to be LITERALs of negotiated length, and for these the server allocates memory to receive the content before instructing the client to proceed. The allocated memory is released when the whole command has been received and processed.

+

The IMAP protocol has a number commands that specify an unlimited number of arguments, for example SEARCH. Each of these arguments can be a LITERAL, for which memory will be allocated and not released until the entire command has been received and processed. This can run a server out of memory, with varying consequences depending on the server's OOM policy.

+
+ +
+ + CVE-2024-34055 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34055 + + + 2024-04-30 + 2024-06-05 + +
+ chromium -- multiple security fixes
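
Review bot: The range for cyrus-imapd32, cyrus-imapd30 and cyrus-imapd25 is given only as 0, which reads as matching every version of those three packages with no fixed version to upgrade to, and the description does not say so. Consider adding a sentence to the description stating that these branches have no fixed release, so that an audit hit on them is understood as permanent rather than as a pending port update. Two smaller points: the only URL in the references is the cve.mitre.org page, while the text quoted in the description comes from the 3.8.3 release notes named in the commit message's "Obtained from:" line, so that URL would be worth listing as well; and "Release Notes states:" should read "Release Notes state:".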