diff options
author | Matthias Andree <mandree@FreeBSD.org> | 2021-08-03 15:29:46 +0000 |
---|---|---|
committer | Matthias Andree <mandree@FreeBSD.org> | 2021-08-03 18:19:14 +0000 |
commit | b956528b42f11820ce690c51e452bf745084fd5e (patch) | |
tree | b84aa1dcec9517d1ab7f4c6926b094e80902e291 | |
parent | 56ffa089e2baf297adb8da027f01c373183bdb68 (diff) | |
download | ports-b956528b42f11820ce690c51e452bf745084fd5e.tar.gz ports-b956528b42f11820ce690c51e452bf745084fd5e.zip |
security/vuxml: update fetchmail CVE-2021-36386 vuln
this vuln was a reintroduction of CVE-2008-2711 which got fixed in
fetchmail 6.3.9, when 6.3.17 refactored code.
- restrict range (>= 6.3.9 < 6.3.17 unaffected)
- add reference to old CVE-2008-2711
URL: https://www.fetchmail.info/fetchmail-SA-2021-01.txt
Security: cbfd1874-efea-11eb-8fe9-036bd763ff35
Security: CVE-2021-36386
Security: CVE-2008-2711
-rw-r--r-- | security/vuxml/vuln-2021.xml | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index 4029b4cac0ca..bcc078f0d575 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -190,7 +190,8 @@ In limited circumstances it was possible for users to authenticate using variati <affects> <package> <name>fetchmail</name> - <range><lt>6.4.20</lt></range> + <range><lt>6.3.9</lt></range> + <range><ge>6.3.17</ge><lt>6.4.20</lt></range> </package> </affects> <description> @@ -205,11 +206,13 @@ In limited circumstances it was possible for users to authenticate using variati </description> <references> <cvename>CVE-2021-36386</cvename> + <cvename>CVE-2008-2711</cvename> <url>https://sourceforge.net/p/fetchmail/mailman/message/37327392/</url> </references> <dates> <discovery>2021-07-07</discovery> <entry>2021-07-28</entry> + <modified>2021-08-03</modified> </dates> </vuln> |