Date: Fri, 8 Nov 2024 14:04:40 GMT
Message-Id: <202411081404.4A8E4eTq069227@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Renato Botelho
Subject: git: 2f47d7ff7d37 - main - security/vuxml: Document tnef vulnerabilities
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main

The branch main has been updated by garga:

URL: https://cgit.FreeBSD.org/ports/commit/?id=2f47d7ff7d372e2346427eb77f597c324cf23119

commit 2f47d7ff7d372e2346427eb77f597c324cf23119
Author:     Älven
AuthorDate: 2024-11-08 14:02:14 +0000
Commit:     Renato Botelho
CommitDate: 2024-11-08 14:04:20 +0000

    security/vuxml: Document tnef vulnerabilities

    PR: 282228
---
 security/vuxml/vuln/2024.xml | 83 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 83 insertions(+)

diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
index 9bd7e6da5558..11781b8d4b42 100644
--- a/security/vuxml/vuln/2024.xml
+++ b/security/vuxml/vuln/2024.xml
@@ -1,3 +1,86 @@ + + tnef -- An attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message + + + tnef + 1.4.18 + + + + +

cve@mitre.org reports:

+
+

In tnef before 1.4.18, an attacker may be able to write to the + victim's .ssh/authorized_keys file via an e-mail message with + a crafted winmail.dat application/ms-tnef attachment, because of a + heap-based buffer over-read involving strdup.

+
+ +
+ + CVE-2019-18849 + https://nvd.nist.gov/vuln/detail/CVE-2019-18849 + + + 2019-11-11 + 2024-10-26 + +
+ + + tnef -- Invalid read and write operations, controlled by an attacker + + + tnef + 1.4.12 + + + + +

cve@mitre.org reports:

+
+

CVE-2017-6307: An issue was discovered in tnef before + 1.4.13. Two OOB Writes have been identified in + src/mapi_attr.c:mapi_attr_read(). These might lead to + invalid read and write operations, controlled by an + attacker.

+
+
+

CVE-2017-6308: An issue was discovered in tnef before + 1.4.13. Several Integer Overflows, which can lead to Heap + Overflows, have been identified in the functions that wrap + memory allocation.

+
+
+

CVE-2017-6309: An issue was discovered in tnef before + 1.4.13. Two type confusions have been identified in the + parse_file() function. These might lead to invalid read and + write operations, controlled by an attacker.

+
+
+

CVE-2017-6310: An issue was discovered in tnef before + 1.4.13. Four type confusions have been identified in the + file_add_mapi_attrs() function. These might lead to invalid + read and write operations, controlled by an attacker.

+
+ +
+ + CVE-2017-6307 + https://nvd.nist.gov/vuln/detail/CVE-2017-6307 + CVE-2017-6308 + https://nvd.nist.gov/vuln/detail/CVE-2017-6308 + CVE-2017-6309 + https://nvd.nist.gov/vuln/detail/CVE-2017-6309 + CVE-2017-6310 + https://nvd.nist.gov/vuln/detail/CVE-2017-6310 + + + 2017-02-24 + 2024-10-26 + +
+ electron32 -- multiple vulnerabilities
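Review bot: in the second entry (CVE-2017-6307 through CVE-2017-6310) the affected-version bound is 1.4.12, but all four quoted descriptions say "tnef before 1.4.13", whereas the first entry bounds on the fixed release itself (1.4.18, matching "before 1.4.18"). Bound the second entry on 1.4.13 in the same way, so that a 1.4.12 package carrying a port revision (1.4.12_1) still falls inside the range. Both entries also carry 2024-10-26 as their second date while the commit is dated 2024-11-08; if that field is the entry date, it should be the day the entry lands in the tree.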