svn commit: r474966 - head/security/vuxml
Fernando Apesteguía
fernape at FreeBSD.org
Thu Jul 19 15:37:58 UTC 2018
Author: fernape
Date: Thu Jul 19 15:37:57 2018
New Revision: 474966
URL: https://svnweb.freebsd.org/changeset/ports/474966
Log:
security/vuxml: add mutt vulnerabilities
Include mutt vulnerabilities for mutt < 1.10.1
PR: 229810
Submitted by: dereks at lifeofadishwasher.com
Approved by: tcberner (mentor)
Differential Revision: https://reviews.freebsd.org/D16321
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu Jul 19 14:57:45 2018 (r474965)
+++ head/security/vuxml/vuln.xml Thu Jul 19 15:37:57 2018 (r474966)
@@ -58,6 +58,63 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="a2f35081-8a02-11e8-8fa5-4437e6ad11c4">
+ <topic>mutt -- remote code injection and path traversal vulnerability</topic>
+ <affects>
+ <package>
+ <name>mutt</name>
+ <range><lt>1.10.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Kevin J. McCarthy reports:</p>
+ <blockquote cite="http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20180716/000004.html">
+ <p>Fixes a remote code injection vulnerability when "subscribing"
+ to an IMAP mailbox, either via $imap_check_subscribed, or via the
+ <subscribe> function in the browser menu. Mutt was generating a
+ "mailboxes" command and sending that along to the muttrc parser.
+ However, it was not escaping "`", which executes code and inserts
+ the result. This would allow a malicious IMAP server to execute
+ arbitrary code (for $imap_check_subscribed).</p>
+ <p>Fixes POP body caching path traversal vulnerability.</p>
+ <p>Fixes IMAP header caching path traversal vulnerability.</p>
+ <p>CVE-2018-14349 - NO Response Heap Overflow</p>
+ <p>CVE-2018-14350 - INTERNALDATE Stack Overflow</p>
+ <p>CVE-2018-14351 - STATUS Literal Length relative write</p>
+ <p>CVE-2018-14352 - imap_quote_string off-by-one stack overflow</p>
+ <p>CVE-2018-14353 - imap_quote_string int underflow</p>
+ <p>CVE-2018-14354 - imap_subscribe Remote Code Execution</p>
+ <p>CVE-2018-14355 - STATUS mailbox header cache directory traversal</p>
+ <p>CVE-2018-14356 - POP empty UID NULL deref</p>
+ <p>CVE-2018-14357 - LSUB Remote Code Execution</p>
+ <p>CVE-2018-14358 - RFC822.SIZE Stack Overflow</p>
+ <p>CVE-2018-14359 - base64 decode Stack Overflow</p>
+ <p>CVE-2018-14362 - POP Message Cache Directory Traversal</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2018-14349</cvename>
+ <cvename>CVE-2018-14350</cvename>
+ <cvename>CVE-2018-14351</cvename>
+ <cvename>CVE-2018-14352</cvename>
+ <cvename>CVE-2018-14353</cvename>
+ <cvename>CVE-2018-14354</cvename>
+ <cvename>CVE-2018-14355</cvename>
+ <cvename>CVE-2018-14356</cvename>
+ <cvename>CVE-2018-14357</cvename>
+ <cvename>CVE-2018-14358</cvename>
+ <cvename>CVE-2018-14359</cvename>
+ <cvename>CVE-2018-14362</cvename>
+ <url>http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20180716/000004.html</url>
+ </references>
+ <dates>
+ <discovery>2018-07-15</discovery>
+ <entry>2018-07-17</entry>
+ </dates>
+ </vuln>
+
<vuln vid="fe12ef83-8b47-11e8-96cc-001a4a7ec6be">
<topic>mutt/neomutt -- multiple vulnerabilities</topic>
<affects>
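Review bot: The entry date in the dates block, <entry>2018-07-17</entry>, predates this commit, which the +++ header stamps as Thu Jul 19 2018. The entry date normally records when the record was added to vuln.xml, so it should read 2018-07-19. Three further points:

- In the blockquote, <subscribe> appears as a raw tag inside the XHTML <p>. If that is what the file contains, it is an unclosed element and should be written &lt;subscribe&gt;.
- The topic names only code injection and path traversal, while the CVE list in the same entry also covers heap and stack overflows and a NULL dereference. A broader topic would match the body.
- The unchanged entry that follows (vid fe12ef83-8b47-11e8-96cc-001a4a7ec6be, "mutt/neomutt -- multiple vulnerabilities") may already describe the same issues. Please confirm the two do not overlap for the mutt package, or extend that entry instead of adding a second one.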