FreshPorts -- mail/exim/files/patch-z0035-DANE-Fix-2-messages-from-queue-case

non port: mail/exim/files/patch-z0035-DANE-Fix-2-messages-from-queue-case

Number of commits found: 2

Tuesday, 4 May 2021

15:57 Dima Panov (fluffy)

mail/exim:	update to 4.94.2 security release

  * New upstream security release.
    + Release based on +fixes branch.
    + Fixes multiple security vulnerabilities reported by Qualys and adds
      related robustness improvements. (Special thanks to Heiko)
      CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
      CVE-2020-28007: Link attack in Exim's log directory
      CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
      CVE-2020-28012: Missing close-on-exec flag for privileged pipe
      CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
      CVE-2020-28009: Integer overflow in get_stdinput()
      CVE-2020-28015, CVE-28021: New-line injection into spool header file
      CVE-2020-28026: Line truncation and injection in spool_read_header()
      CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
      CVE-2020-28017: Integer overflow in receive_add_recipient()
      CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
      CVE-2020-28011: Heap buffer overflow in queue_run()
      CVE-2020-28010: Heap out-of-bounds write in main()
      CVE-2020-28018: Use-after-free in tls-openssl.c
      CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
      CVE-2020-28014, CVE-2021-27216: PID file handling
      CVE-2020-28008: Assorted attacks in Exim's spool directory
      CVE-2020-28019: Failure to reset function pointer after BDAT error
  * Incorporate debian patches to turn taint failures into warnings.

0a629bd

Wednesday, 9 Sep 2020

12:09 fluffy

mail/exim: import exim-4.94+fixes branch as state of 2020.09.09

Used git diffs:

[27/37] Fix spelling of local_part_data in docs and debug output
[27/37] Fix spelling of local_part_data in docs and debug output
[28/37] Fix ${readsocket } eol-replacement.  Bug 2630
[29/37] Taint: fix off-by-one in is_tainted().  Bug 2634
[30/37] Build: ifdef guard for EXPERIMENTAL_QUEUEFILE
[31/37] Taint: fix off-by-one in is_tainted().  Bug 2634
[32/37] DANE: force SNI to use $domain.  Bug 2265
[33/37] DANE: Fix 2-rcpt message, diff domins case.  Bug 2265
[34/37] Fix non-DANE build
[35/37] DANE: Fix 2 messages from queue case
[36/37] Fix non-DANE build

While here, make SPF option turned on by default

MFH:		2020Q3

Number of commits found: 2

Login
User Login Create account

Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD

This site
What is FreshPorts? About the authors Issues FAQ How big is it? Security Policy Privacy Blog Contact

Search
Enter Keywords: more...

Latest Vulnerabilities

github-release-monitor	Dec 13
chromium	Dec 12
jenkins	Dec 12
jenkins-lts	Dec 12
ungoogled-chromium	Dec 12
varnish-libvmod-digest	Dec 12
firefox	Dec 11
firefox	Dec 11
firefox	Dec 11
firefox	Dec 11
firefox	Dec 11
firefox	Dec 11
firefox	Dec 11
firefox	Dec 11
firefox	Dec 11

32 vulnerabilities affecting 351 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities

Last processed:
2025-12-14 09:46:14 UTC

Ports
Home Categories Deleted ports Sanity Test Failures Newsfeeds

Statistics

Graphs
NEW Graphs (Javascript)

Calculated hourly:

Port count	34026
Broken	111
Deprecated	308
Ignore	228
Forbidden	0
Restricted	2
No CDROM	1
Vulnerable	39
Expired	5
Set to expire	250
Interactive	0
new 24 hours	0
new 48 hours	3
new 7 days	53
new fortnight	72
new month	160