From nobody Sun Mar 17 15:25:34 2024 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TyMHz1VCRz5DZQM; Sun, 17 Mar 2024 15:25:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TyMHz0hhMz4vgb; Sun, 17 Mar 2024 15:25:35 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1710689135; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=NiCsCJ75YeBIPrD2q6RgIFzoxQ3IXTyZg0XMtcjD5VE=; b=XfQIFZIKVIVKJBM6udmAEVTaAK6OFjyBOADk4ghUWbbx8mg7kGEY3QyaLJA2rTxY0CyK5d E9NtZIKT8ywZV+HmA5GnGvGOX+guNLLO0cniZDpg93fMUzjbg9afKcJ0Kwb5+dYNsoPLdC TmKxi6xXl5xrFVocUr8QhqDfQG5JFqHnL0rKtRbngmqUVWIqNATZThPU14p0mrd1GcqtaK VA+/AjGYg4tKBaj9GiMsBkVHfceVp5+M+2TaCYIa87lDEQZ4O7VZiXw2e6bHiDdPXinFNN xb3O5JP0VEJVwnZpOzTlIKhIL86aum5vHD7Fnkq+7XBkK0fqHX47ey/yAZE6RQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1710689135; a=rsa-sha256; cv=none; b=ofk3D1F/edaIX6QP9YEEx9CTCXx4QKHts8OeGWRDcsTsTS49YJ9qKYDbmxlcsUMaYPWBEC 0tHx2Ix882gwUYdMnn8P3h7/rrb8M3zGXCNNXX8yc0gD00x8rVwm+0ySByUr1RU8yZazya FBOgDR9vwpTJgZXqxEAsxfeSkMQC8Ux4fYcONjRNrO9UIG8KClRnoKoRFJSve13TJ/9NJw vucJWgomQg96BgNFVuNnXZdNwhXtnk2BRbpn5PjNE2FTYTLx/57ZDVHm9onj7ETGrZaROs PK5syNpbZnzRvpoGw5XE1HSh5IfXR0ybi/M3ov3hS6JcSxPyE1SRBPYBHUqAwQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1710689135; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=NiCsCJ75YeBIPrD2q6RgIFzoxQ3IXTyZg0XMtcjD5VE=; b=B/5Lg0LQEXtaUshhFC8rEDOV7i+7k/IEaRh0gKoU6yVrYZLVYNurKNMR9hNk71VjTeC97p bcIgGcmT8qaBiG2WFAd9it4SRBzmm3naDnW+8euSaRJLijieV4aM0uY9ycfF2FEp2aO5+k fXjiJi5pFf0Xq9u+HkOSn5Vege01fn/UA9dYrXKutOzeMrbiI9/aLtc1Rikn3t121RMfjV Q3tRw0n4a8QspH7TiCpHFVRyh5gJ3QNeUj2kJ9RBokaYfaUV1Rvd3PN9lk3ekvAHr9trTK yCbrFgSbbytJZn0lD6RrQ8OakC09OBe1f/W2XoxOvEx8DAKLq+/1kBD45lxdFw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TyMHz0HvZzkMQ; Sun, 17 Mar 2024 15:25:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 42HFPYmc014330; Sun, 17 Mar 2024 15:25:34 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 42HFPYJg014327; Sun, 17 Mar 2024 15:25:34 GMT (envelope-from git) Date: Sun, 17 Mar 2024 15:25:34 GMT Message-Id: <202403171525.42HFPYJg014327@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Florian Smeets Subject: git: 37a01c8b2f7a - main - security/vuxml: Add amavisd-new vulnerability List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: flo X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 37a01c8b2f7a4ca71c1ef9d7a689ba7d97ce694e Auto-Submitted: auto-generated The branch main has been updated by flo: URL: https://cgit.FreeBSD.org/ports/commit/?id=37a01c8b2f7a4ca71c1ef9d7a689ba7d97ce694e commit 37a01c8b2f7a4ca71c1ef9d7a689ba7d97ce694e Author: Florian Smeets AuthorDate: 2024-03-17 15:20:42 +0000 Commit: Florian Smeets CommitDate: 2024-03-17 15:25:18 +0000 security/vuxml: Add amavisd-new vulnerability --- security/vuxml/vuln/2024.xml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 0997f7e82aec..93d54975a84d 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,36 @@ + + amavisd-new -- multipart boundary confusion + + + amavisd-new + 2.12.3 + + + + +

The Amavis project reports:

+
+

Emails which consist of multiple parts (`Content-Type: multipart/*`) + incorporate boundary information stating at which point one part ends and the + next part begins.

+

A boundary is announced by an Content-Type header's `boundary` parameter. To + our current knowledge, RFC2046 and RFC2045 do not explicitly specify how a + parser should handle multiple boundary parameters that contain conflicting + values. As a result, there is no canonical choice which of the values should or + should not be used for mime part decomposition.

+
+ +
+ + CVE-2024-28054 + https://gitlab.com/amavis/amavis/-/raw/v2.12.3/README_FILES/README.CVE-2024-28054 + + + 2024-03-14 + 2024-03-17 + +
+ typo3-{11,12} -- multiple vulnerabilities