Date: Tue, 03 May 2022 08:17:43 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 263749] mail/rainloop mail/rainloop-community: affected by CVE-2022-29360 Message-ID: <bug-263749-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D263749 Bug ID: 263749 Summary: mail/rainloop mail/rainloop-community: affected by CVE-2022-29360 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: yasu@freebsd.org Reporter: lapo@lapo.it Assignee: yasu@freebsd.org Flags: maintainer-feedback?(yasu@freebsd.org) Cfr.=20 https://blog.sonarsource.com/rainloop-emails-at-risk-due-to-code-flaw https://github.com/RainLoop/rainloop-webmail/issues/2142 Unfortunately I don't have a time for a patch at the moment, but it could m= ake sense to either: - add CVE indication to `pkg audit` - add SonarSource-produced unofficial patch to this port - add SnappyMail in the Ports --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-263749-7788>