From nobody Fri Apr 15 17:08:37 2022 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id D2B2C8D756A; Fri, 15 Apr 2022 17:08:37 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Kg2ps5Yf6z3kNc; Fri, 15 Apr 2022 17:08:37 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1650042517; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=QbJM8/e374ItzlDNJjizJNziOZ6DcyIkFgGg/sYAcE8=; b=c7e0utkOymm9xxfVsB2v8XEk+hPAstnrwmml9LGhrTjVXyEPoKBexQP5cDDjtSd06bT/E1 y9oB54MwgylOvcpYPNPC+f0mCpvUUiktb3k/oxIttMp8kMyDTHU6/yprU9Hw8cmWWEDdq3 3zlMA8FBJEP3vm6/H9C7sDetPvO0BvvDNzViJG8RaZW6knCBdZeTM0vwLrff6xv+CYiS6X Ei6MyimYi0ADTRW3D2YHdhxnVy7aTuZtzyYhuRvvgOfTm+ekp/tS3v8NtqA5ZKq9kRVZwu 3whSnIhjUblhtz946mU4B91bgAbJrfJcKgaix/3z3lI1bHzhnSdyCgZ8YAcT2Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9E5681926B; Fri, 15 Apr 2022 17:08:37 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 23FH8bGl080123; Fri, 15 Apr 2022 17:08:37 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 23FH8bmb080122; Fri, 15 Apr 2022 17:08:37 GMT (envelope-from git) Date: Fri, 15 Apr 2022 17:08:37 GMT Message-Id: <202204151708.23FH8bmb080122@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: =?utf-8?Q?Fernando Apestegu=C3=ADa?= Subject: git: 377603c4bf37 - main - security/vuxml: Add CVE-2022-1328 mail/mutt < 2.2.3 List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: fernape X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 377603c4bf37e99f05751916266e2456fad689e8 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1650042517; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=QbJM8/e374ItzlDNJjizJNziOZ6DcyIkFgGg/sYAcE8=; b=AY+OUs0Hu5cYR5Da9IU44NgrcGmh3w7bO3G3tYnpQSYIuXL6O2q9YSxSmTOerNTKdQ+idm 6Sz5lyezERA/fQQ2HYUmpTRyf+9ghR4NZOzm8yuwoekFMjUvjuYT+qd4C1Rts9aGC34m4t exoGTuJKeyrmTghsNvcJFNO5uJDlmVQbFirmE/5tFubmDwqpbFRzYQp0FrPMpl+dTRVdrn AMwqZWrsTItcQaJoMUUGqYzb1QwAjK35FcNGYwctB5bs06rDeE9+sf2PQt4CvhRBhca8Vn 08+m1wcBmYMnxo5j4LZt5rNDTKNwTggqFFYUvsRio7FpmMGMrIeAzvYx4ezE7g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1650042517; a=rsa-sha256; cv=none; b=xZrhwze9iVNAR0tMDs4QwHtpeAjberIpYnEWIoXQLv5frjs8dt3K2dcvSBJp0JHXekhrZM ABAYpA/ab8Y4+bfI9qB2lB0lWAeC24uOwq35fwLNemNU7Wz/7KvgpLiVTCdFbqMn7tPdJq QYDfjgnzbyvAjI1epAv352FRM3TA9tnxH7L50e3y2Wsgqg6bYy5SAVvB0VeV7lII5P38zX Ju2N5DmrvNMbIDu9U2V6az9IyK7IuH64It7dk4uNDRHwIPdkkrgP3ryX8jpkSipTfy0Shz TWY/BZ9+eWsTVTz8LMGhStJlkhXR3OFW/aYauFN9tpxlKlqsPOJwBEKuH1HgYg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=377603c4bf37e99f05751916266e2456fad689e8 commit 377603c4bf37e99f05751916266e2456fad689e8 Author: Derek Schrock AuthorDate: 2022-04-13 06:36:41 +0000 Commit: Fernando ApesteguĂ­a CommitDate: 2022-04-15 17:06:04 +0000 security/vuxml: Add CVE-2022-1328 mail/mutt < 2.2.3 ChangeLog: https://gitlab.com/muttmua/mutt/-/issues/404 PR: 263247 Reported by: dereks@lifeofadishwasher.com --- security/vuxml/vuln-2022.xml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index 88c3c22640e6..b08e2c2f17aa 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -255,6 +255,32 @@ + + mutt -- mutt_decode_uuencoded() can read past the of the input line + + + mutt + 2.2.3 + + + + +

Tavis Ormandy reports:

+
+

mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in message parts, for example fragments of other messages, passphrases or keys in replys

+
+ +
+ + CVE-2022-1328 + https://gitlab.com/muttmua/mutt/-/issues/404 + + + 2022-04-04 + 2022-04-12 + +
+ Chromium -- mulitple vulnerabilities