git: b956528b42f1 - main - security/vuxml: update fetchmail CVE-2021-36386 vuln
Matthias Andree
mandree at FreeBSD.org
Tue Aug 3 18:19:28 UTC 2021
The branch main has been updated by mandree:
URL: https://cgit.FreeBSD.org/ports/commit/?id=b956528b42f11820ce690c51e452bf745084fd5e
commit b956528b42f11820ce690c51e452bf745084fd5e
Author: Matthias Andree <mandree at FreeBSD.org>
AuthorDate: 2021-08-03 15:29:46 +0000
Commit: Matthias Andree <mandree at FreeBSD.org>
CommitDate: 2021-08-03 18:19:14 +0000
security/vuxml: update fetchmail CVE-2021-36386 vuln
this vuln was a reintroduction of CVE-2008-2711 which got fixed in
fetchmail 6.3.9, when 6.3.17 refactored code.
- restrict range (>= 6.3.9 < 6.3.17 unaffected)
- add reference to old CVE-2008-2711
URL: https://www.fetchmail.info/fetchmail-SA-2021-01.txt
Security: cbfd1874-efea-11eb-8fe9-036bd763ff35
Security: CVE-2021-36386
Security: CVE-2008-2711
---
security/vuxml/vuln-2021.xml | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml
index 4029b4cac0ca..bcc078f0d575 100644
--- a/security/vuxml/vuln-2021.xml
+++ b/security/vuxml/vuln-2021.xml
@@ -190,7 +190,8 @@ In limited circumstances it was possible for users to authenticate using variati
<affects>
<package>
<name>fetchmail</name>
- <range><lt>6.4.20</lt></range>
+ <range><lt>6.3.9</lt></range>
+ <range><ge>6.3.17</ge><lt>6.4.20</lt></range>
</package>
</affects>
<description>
@@ -205,11 +206,13 @@ In limited circumstances it was possible for users to authenticate using variati
</description>
<references>
<cvename>CVE-2021-36386</cvename>
+ <cvename>CVE-2008-2711</cvename>
<url>https://sourceforge.net/p/fetchmail/mailman/message/37327392/</url>
</references>
<dates>
<discovery>2021-07-07</discovery>
<entry>2021-07-28</entry>
+ <modified>2021-08-03</modified>
</dates>
</vuln>
More information about the dev-commits-ports-all
mailing list