FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2026-01-28 17:03:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
21fba35e-a05f-11f0-a8b8-a1ef31191bc1	fetchmail -- potential crash when authenticating to SMTP server Matthias Andree reports: fetchmail's SMTP client, when configured to authenticate, is susceptible to a protocol violation where, when a trusted but malicious or malfunctioning SMTP server responds to an authentication request with a "334" code but without a following blank on the line, it will attempt to start reading from memory address 0x1 to parse the server's SASL challenge. This address is constant and not under the attacker's control. This event will usually cause a crash of fetchmail. Discovery 2025-10-02 Entry 2025-10-03 Modified 2025-10-04 fetchmail >= 5.9.9 lt 6.5.6 CVE-2025-61962 https://www.fetchmail.info/fetchmail-SA-2025-01.txt https://gitlab.com/fetchmail/fetchmail/-/raw/legacy_6x/fetchmail-SA-2025-01.txt?ref_type=heads https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8
1d6410e8-06c1-11ec-a35d-03ca114d16d6	fetchmail -- STARTTLS bypass vulnerabilities Problem: In certain circumstances, fetchmail 6.4.21 and older would not encrypt the session using STARTTLS/STLS, and might not have cleared session state across the TLS negotiation. Discovery 2021-08-10 Entry 2021-08-26 fetchmail < 6.4.22.r1 CVE-2021-39272 https://www.fetchmail.info/fetchmail-SA-2021-02.txt

VuXML ID

Description

21fba35e-a05f-11f0-a8b8-a1ef31191bc1

fetchmail -- potential crash when authenticating to SMTP server

Matthias Andree reports:

fetchmail's SMTP client, when configured to authenticate, is susceptible to a protocol violation where, when a trusted but malicious or malfunctioning SMTP server responds to an authentication request with a "334" code but without a following blank on the line, it will attempt to start reading from memory address 0x1 to parse the server's SASL challenge. This address is constant and not under the attacker's control. This event will usually cause a crash of fetchmail.

Discovery 2025-10-02
Entry 2025-10-03
Modified 2025-10-04
fetchmail

>= 5.9.9 lt 6.5.6

CVE-2025-61962
https://www.fetchmail.info/fetchmail-SA-2025-01.txt
https://gitlab.com/fetchmail/fetchmail/-/raw/legacy_6x/fetchmail-SA-2025-01.txt?ref_type=heads
https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8

1d6410e8-06c1-11ec-a35d-03ca114d16d6

fetchmail -- STARTTLS bypass vulnerabilities

Problem:

In certain circumstances, fetchmail 6.4.21 and older would not encrypt the session using STARTTLS/STLS, and might not have cleared session state across the TLS negotiation.

Discovery 2021-08-10
Entry 2021-08-26
fetchmail

< 6.4.22.r1

CVE-2021-39272
https://www.fetchmail.info/fetchmail-SA-2021-02.txt