FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  351938
Date:      2014-04-23
Time:      13:36:36Z
Committer: lwhsu

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
f8536143-9bc4-11d9-b8b3-000a95bc6faesylpheed -- buffer overflow in header processing

The Sylpheed web site states:

A buffer overflow which occurred when replying to a message with certain headers which contain non-ascii characters was fixed.


Discovery 2005-03-07
Entry 2005-03-23
sylpheed
sylpheed-claws
sylpheed-gtk2
ge 0.8.* lt 1.0.3

ge 1.9.* lt 1.9.5

CVE-2005-0667
http://sylpheed.good-day.net/index.cgi.en#changes
b1e8c810-01d0-11da-bc08-0001020eed82sylpheed -- MIME-encoded file name buffer overflow vulnerability

Sylpheed is vulnerable to a buffer overflow when displaying emails with attachments that have MIME-encoded file names. This could be used by a remote attacker to crash sylpheed potentially allowing execution of arbitrary code with the permissions of the user running sylpheed.


Discovery 2005-03-29
Entry 2005-07-31
sylpheed
sylpheed-gtk2
sylpheed-claws
lt 1.0.4

12934
CVE-2005-0926
http://sylpheed.good-day.net/changelog.html.en
d9867f50-54d0-11dc-b80b-0016179b2dd5claws-mail -- POP3 Format String Vulnerability

A Secunia Advisory reports:

A format string error in the "inc_put_error()" function in src/inc.c when displaying a POP3 server's error response can be exploited via specially crafted POP3 server replies containing format specifiers.

Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into connecting to a malicious POP3 server.


Discovery 2007-08-24
Entry 2007-08-27
Modified 2010-05-12
claws-mail
sylpheed-claws
lt 2.10.0_3

sylpheed2
lt 2.4.4_1

CVE-2007-2958
http://secunia.com/advisories/26550/
http://secunia.com/secunia_research/2007-70/advisory/
b1e8c810-01d0-11da-bc08-0001020eed82sylpheed -- MIME-encoded file name buffer overflow vulnerability

Sylpheed is vulnerable to a buffer overflow when displaying emails with attachments that have MIME-encoded file names. This could be used by a remote attacker to crash sylpheed potentially allowing execution of arbitrary code with the permissions of the user running sylpheed.


Discovery 2005-03-29
Entry 2005-07-31
sylpheed
sylpheed-gtk2
sylpheed-claws
lt 1.0.4

12934
CVE-2005-0926
http://sylpheed.good-day.net/changelog.html.en
f8536143-9bc4-11d9-b8b3-000a95bc6faesylpheed -- buffer overflow in header processing

The Sylpheed web site states:

A buffer overflow which occurred when replying to a message with certain headers which contain non-ascii characters was fixed.


Discovery 2005-03-07
Entry 2005-03-23
sylpheed
sylpheed-claws
sylpheed-gtk2
ge 0.8.* lt 1.0.3

ge 1.9.* lt 1.9.5

CVE-2005-0667
http://sylpheed.good-day.net/index.cgi.en#changes
d9867f50-54d0-11dc-b80b-0016179b2dd5claws-mail -- POP3 Format String Vulnerability

A Secunia Advisory reports:

A format string error in the "inc_put_error()" function in src/inc.c when displaying a POP3 server's error response can be exploited via specially crafted POP3 server replies containing format specifiers.

Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into connecting to a malicious POP3 server.


Discovery 2007-08-24
Entry 2007-08-27
Modified 2010-05-12
claws-mail
sylpheed-claws
lt 2.10.0_3

sylpheed2
lt 2.4.4_1

CVE-2007-2958
http://secunia.com/advisories/26550/
http://secunia.com/secunia_research/2007-70/advisory/