[Bug 263749] mail/rainloop mail/rainloop-community: affected by CVE-2022-29360

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 03 May 2022 08:17:43 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263749

            Bug ID: 263749
           Summary: mail/rainloop mail/rainloop-community: affected by
                    CVE-2022-29360
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: yasu@freebsd.org
          Reporter: lapo@lapo.it
          Assignee: yasu@freebsd.org
             Flags: maintainer-feedback?(yasu@freebsd.org)

Cfr. 
https://blog.sonarsource.com/rainloop-emails-at-risk-due-to-code-flaw
https://github.com/RainLoop/rainloop-webmail/issues/2142

Unfortunately I don't have a time for a patch at the moment, but it could make
sense to either:
- add CVE indication to `pkg audit`
- add SonarSource-produced unofficial patch to this port
- add SnappyMail in the Ports

-- 
You are receiving this mail because:
You are the assignee for the bug.