Wrong security audit for mail/postfix ?
Cristiano Deana
cristiano.deana at gmail.com
Mon May 11 07:38:47 UTC 2015
Hi,
this morning I got for my mailservers
# pkg audit
postfix-2.11.4,1 is vulnerable:
postfix -- plaintext command injection with SMTP over TLS
CVE: CVE-2011-0411
WWW: http://vuxml.FreeBSD.org/freebsd/14a6f516-502f-11e0-b448-bbfa2731f9c7.html
postfix-2.11.4,1 is vulnerable:
Postfix -- memory corruption vulnerability
CVE: CVE-2011-1720
WWW: http://vuxml.FreeBSD.org/freebsd/3eb2c100-738b-11e0-89f4-001e90d46635.html
But this is a bug from 2011, and it's blocking new install or updates
of postfix packages.
Who should be warned of this?
Thank you.
--
Cris, member of G.U.F.I
Italian FreeBSD User Group
http://www.gufi.org/
More information about the freebsd-security
mailing list