FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  369686
Date:      2014-10-01
Time:      03:40:03Z
Committer: bdrewery

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
3eb2c100-738b-11e0-89f4-001e90d46635Postfix -- memory corruption vulnerability

The Postfix SMTP server has a memory corruption error, when the Cyrus SASL library is used with authentication mechanisms other than PLAIN and LOGIN (ANONYMOUS is not affected, but should not be used for other reasons). This memory corruption is known to result in a program crash (SIGSEV).


Discovery 2011-05-09
Entry 2011-05-09
postfix
postfix-base
ge 2.8.*,1 lt 2.8.3,1

ge 2.7.*,1 lt 2.7.4,1

ge 2.6.*,1 lt 2.6.10,1

ge 2.5.*,2 lt 2.5.13,2

le 2.4.16,1

postfix-current
postfix-current-base
lt 2.9.20110501,4

CVE-2011-1720
http://www.postfix.org/CVE-2011-1720.html
14a6f516-502f-11e0-b448-bbfa2731f9c7postfix -- plaintext command injection with SMTP over TLS

Wietse Venema has discovered a software flaw that allows an attacker to inject client commands into an SMTP session during the unprotected plaintext SMTP protocol phase, such that the server will execute those commands during the SMTP- over-TLS protocol phase when all communication is supposed to be protected.


Discovery 2011-03-07
Entry 2011-03-19
postfix
postfix-base
ge 2.7.*,1 lt 2.7.3,1

ge 2.6.*,1 lt 2.6.9,1

ge 2.5.*,2 lt 2.5.12,2

ge 2.4.*,1 lt 2.4.16,1

postfix-current
postfix-current-base
lt 2.9.20100120,4

CVE-2011-0411
http://www.postfix.org/CVE-2011-0411.html
http://secunia.com/advisories/43646/
3eb2c100-738b-11e0-89f4-001e90d46635Postfix -- memory corruption vulnerability

The Postfix SMTP server has a memory corruption error, when the Cyrus SASL library is used with authentication mechanisms other than PLAIN and LOGIN (ANONYMOUS is not affected, but should not be used for other reasons). This memory corruption is known to result in a program crash (SIGSEV).


Discovery 2011-05-09
Entry 2011-05-09
postfix
postfix-base
ge 2.8.*,1 lt 2.8.3,1

ge 2.7.*,1 lt 2.7.4,1

ge 2.6.*,1 lt 2.6.10,1

ge 2.5.*,2 lt 2.5.13,2

le 2.4.16,1

postfix-current
postfix-current-base
lt 2.9.20110501,4

CVE-2011-1720
http://www.postfix.org/CVE-2011-1720.html
14a6f516-502f-11e0-b448-bbfa2731f9c7postfix -- plaintext command injection with SMTP over TLS

Wietse Venema has discovered a software flaw that allows an attacker to inject client commands into an SMTP session during the unprotected plaintext SMTP protocol phase, such that the server will execute those commands during the SMTP- over-TLS protocol phase when all communication is supposed to be protected.


Discovery 2011-03-07
Entry 2011-03-19
postfix
postfix-base
ge 2.7.*,1 lt 2.7.3,1

ge 2.6.*,1 lt 2.6.9,1

ge 2.5.*,2 lt 2.5.12,2

ge 2.4.*,1 lt 2.4.16,1

postfix-current
postfix-current-base
lt 2.9.20100120,4

CVE-2011-0411
http://www.postfix.org/CVE-2011-0411.html
http://secunia.com/advisories/43646/