diff options
author | Matthias Andree <mandree@FreeBSD.org> | 2021-08-26 23:06:29 +0000 |
---|---|---|
committer | Matthias Andree <mandree@FreeBSD.org> | 2021-08-26 23:09:48 +0000 |
commit | c5670115baaf3725deaf0ed3aa493ad7f63842c7 (patch) | |
tree | a1c15d5f0709040c9619dbc5d95ee3f661e8117f | |
parent | 561d7cf968d5284f70caa9a8bcae80a2e6f6a601 (diff) | |
download | ports-c5670115baaf3725deaf0ed3aa493ad7f63842c7.tar.gz ports-c5670115baaf3725deaf0ed3aa493ad7f63842c7.zip |
security/vuxml: document fetchmail TLS vulns
URL: https://www.fetchmail.info/fetchmail-SA-2021-02.txt
Security: CVE-2021-39272
Security: 1d6410e8-06c1-11ec-a35d-03ca114d16d6
-rw-r--r-- | security/vuxml/vuln-2021.xml | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index 5721d04bde3f..c570b179aaf4 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,32 @@ + <vuln vid="1d6410e8-06c1-11ec-a35d-03ca114d16d6"> + <topic>fetchmail -- STARTTLS bypass vulnerabilities</topic> + <affects> + <package> + <name>fetchmail</name> + <range><lt>6.4.22.r1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Problem:</p> + <blockquote cite="https://www.fetchmail.info/fetchmail-SA-2021-02.txt"> + <p>In certain circumstances, fetchmail 6.4.21 and older would + not encrypt the session using STARTTLS/STLS, and might not have + cleared session state across the TLS negotiation. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2021-39272</cvename> + <url>https://www.fetchmail.info/fetchmail-SA-2021-02.txt</url> + </references> + <dates> + <discovery>2021-08-10</discovery> + <entry>2021-08-26</entry> + </dates> + </vuln> + <vuln vid="d22b336d-0567-11ec-b69d-4062311215d5"> <topic>FreeBSD -- libfetch out of bounds read</topic> <affects> |