FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  366223
Date:      2014-08-26
Time:      16:36:41Z
Committer: rene

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
49314321-7fd4-11e1-9582-001b2134ef46mutt-devel -- failure to check SMTP TLS server certificate

Dave B reports on Full Disclosure:

It seems that mutt fails to check the validity of a SMTP servers certificate during a TLS connection. [...] This means that an attacker could potentially MITM a mutt user connecting to their SMTP server even when the user has forced a TLS connection.


Discovery 2012-03-08
Entry 2012-04-06
mutt-devel
lt 1.5.21_4

CVE-2011-1429
http://seclists.org/fulldisclosure/2011/Mar/87
d2a43243-087b-11db-bc36-0008743bf21amutt -- Remote Buffer Overflow Vulnerability

SecurityFocus reports:

Mutt is prone to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

This issue may allow remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely crash the application, denying further service to legitimate users.


Discovery 2006-06-26
Entry 2006-06-30
mutt
mutt-lite
le 1.4.2.1_2

mutt-devel
mutt-devel-lite
le 1.5.11_2

ja-mutt
le 1.4.2.1.j1

zh-mutt-devel
le 1.5.11_20040617

ja-mutt-devel
le 1.5.6.j1_2

mutt-ng
le 20060501

18642
http://dev.mutt.org/cgi-bin/gitweb.cgi?p=mutt/.git;a=commit;h=dc0272b749f0e2b102973b7ac43dbd3908507540
d2a43243-087b-11db-bc36-0008743bf21amutt -- Remote Buffer Overflow Vulnerability

SecurityFocus reports:

Mutt is prone to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

This issue may allow remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely crash the application, denying further service to legitimate users.


Discovery 2006-06-26
Entry 2006-06-30
mutt
mutt-lite
le 1.4.2.1_2

mutt-devel
mutt-devel-lite
le 1.5.11_2

ja-mutt
le 1.4.2.1.j1

zh-mutt-devel
le 1.5.11_20040617

ja-mutt-devel
le 1.5.6.j1_2

mutt-ng
le 20060501

18642
http://dev.mutt.org/cgi-bin/gitweb.cgi?p=mutt/.git;a=commit;h=dc0272b749f0e2b102973b7ac43dbd3908507540
49314321-7fd4-11e1-9582-001b2134ef46mutt-devel -- failure to check SMTP TLS server certificate

Dave B reports on Full Disclosure:

It seems that mutt fails to check the validity of a SMTP servers certificate during a TLS connection. [...] This means that an attacker could potentially MITM a mutt user connecting to their SMTP server even when the user has forced a TLS connection.


Discovery 2012-03-08
Entry 2012-04-06
mutt-devel
lt 1.5.21_4

CVE-2011-1429
http://seclists.org/fulldisclosure/2011/Mar/87