Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 11 May 2015 10:35:58 +0200
From:      olli hauer <ohauer@gmx.de>
To:        Cristiano Deana <cristiano.deana@gmail.com>, FreeBSD Stable Mailing List <freebsd-stable@freebsd.org>, freebsd-security@freebsd.org, freebsd-ports@freebsd.org
Subject:   Re: Wrong security audit for mail/postfix ?
Message-ID:  <35A69C37-F4ED-4235-8491-5F66E355592F@gmx.de>
In-Reply-To: <CAO82ECEyOzyHapBRKjrdrTobVfP5zjNGhX_uZn9Gfu7g7NzbOw@mail.gmail.com>
References:  <CAO82ECEyOzyHapBRKjrdrTobVfP5zjNGhX_uZn9Gfu7g7NzbOw@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On May 11, 2015 9:38:46 AM CEST, Cristiano Deana <cristiano=2Edeana@gmail=
=2Ecom> wrote:
> Hi,
>=20
> this morning I got for my mailservers
>=20
>  # pkg audit
> postfix-2=2E11=2E4,1 is vulnerable:
> postfix -- plaintext command injection with SMTP over TLS
> CVE: CVE-2011-0411
> WWW:
> http://vuxml=2EFreeBSD=2Eorg/freebsd/14a6f516-502f-11e0-b448-bbfa2731f9c=
7=2Ehtml
>=20
> postfix-2=2E11=2E4,1 is vulnerable:
> Postfix -- memory corruption vulnerability
> CVE: CVE-2011-1720
> WWW:
> http://vuxml=2EFreeBSD=2Eorg/freebsd/3eb2c100-738b-11e0-89f4-001e90d4663=
5=2Ehtml
>=20
> But this is a bug from 2011, and it's blocking new install or updates
> of postfix packages=2E
>=20
> Who should be warned of this?
>=20
> Thank you=2E

Hi Cristiano,

this should be fixed=2Emeanwhile=2E

Please run the command=20
# pkg audit -F

--=20
Regards,
olli



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?35A69C37-F4ED-4235-8491-5F66E355592F>