From owner-freebsd-ports-bugs@freebsd.org  Thu Oct  1 02:15:30 2015
Return-Path: <owner-freebsd-ports-bugs@freebsd.org>
Delivered-To: freebsd-ports-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 89B52A0D502
 for <freebsd-ports-bugs@mailman.ysv.freebsd.org>;
 Thu,  1 Oct 2015 02:15:30 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 75682115B
 for <freebsd-ports-bugs@FreeBSD.org>; Thu,  1 Oct 2015 02:15:30 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id t912FUml034669
 for <freebsd-ports-bugs@FreeBSD.org>; Thu, 1 Oct 2015 02:15:30 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 203461] mail/james: security/vuxml: update to 2.3.2.1
 (arbitrary system command execution for servers)
Date: Thu, 01 Oct 2015 02:15:30 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Individual Port(s)
X-Bugzilla-Version: Latest
X-Bugzilla-Keywords: needs-patch, security
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: junovitch@freebsd.org
X-Bugzilla-Status: New
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-ports-bugs@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status keywords bug_severity priority component assigned_to
 reporter cc
Message-ID: <bug-203461-13@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports-bugs>, 
 <mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs/>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
 <mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Oct 2015 02:15:30 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203461

            Bug ID: 203461
           Summary: mail/james: security/vuxml: update to 2.3.2.1
                    (arbitrary system command execution for servers)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Keywords: needs-patch, security
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs@FreeBSD.org
          Reporter: junovitch@freebsd.org
                CC: ports-secteam@FreeBSD.org
                CC: ports-secteam@FreeBSD.org

http://www.openwall.com/lists/oss-security/2015/09/30/7

Also:
http://james.apache.org/download.cgi#Apache_James_Server
Apache James 2.3.2.1 is the stable version

This release has many enhancements and bug fixes over the previous release. See
the Release Notes for a detailed list of changes. Some of the earlier defects
could turn a James mail server into an Open Relay and allow files to be written
on disk. All users of James Server are urged to upgrade to version v2.3.2.1 as
soon as possible.

-- 
You are receiving this mail because:
You are the assignee for the bug.