FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description

51358314-bec8-11e5-82cd-bcaec524bf84    claws-mail -- no bounds checking on the output buffer in conv_jistoeuc, conv_euctojis, conv_sjistoeuc

DrWhax reports:

So in codeconv.c there is a function for Japanese character set conversion called conv_jistoeuc(). There is no bounds checking on the output buffer, which is created on the stack with alloca(). Bug can be triggered by sending an email to TAILS_luser@riseup.net or whatever. Since my C is completely rusty, you might be able to make a better judgment on the severity of this issue. Marking critical for now.


Discovery 2015-11-04
Entry 2016-01-19
claws-mail < 3.13.2

CVE-2015-8614
https://security-tracker.debian.org/tracker/CVE-2015-8614

a59afa47-c930-11dc-810c-0016179b2dd5    claws-mail -- insecure temporary file creation

Nico Golde reports:

A local attacker could exploit this vulnerability to conduct symlink attacks to overwrite files with the privileges of the user running Claws Mail.


Discovery 2007-12-03
Entry 2008-01-22
Modified 2008-02-12
claws-mail < 3.1.0

26676
CVE-2007-6208
http://www.gentoo.org/security/en/glsa/glsa-200801-03.xml
http://security.gentoo.org/glsa/glsa-200801-03.xml
http://secunia.com/advisories/27897

c389d06d-ee57-11db-bd51-0016179b2dd5    claws-mail -- APOP vulnerability

CVE reports:

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions.


Discovery 2007-04-02
Entry 2007-04-19
claws-mail < 2.9.0

CVE-2007-1558
http://www.claws-mail.org/news.php

d9867f50-54d0-11dc-b80b-0016179b2dd5    claws-mail -- POP3 Format String Vulnerability

A Secunia Advisory reports:

A format string error in the "inc_put_error()" function in src/inc.c when displaying a POP3 server's error response can be exploited via specially crafted POP3 server replies containing format specifiers.

Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into connecting to a malicious POP3 server.


Discovery 2007-08-24
Entry 2007-08-27
Modified 2010-05-12
claws-mail, sylpheed-claws < 2.10.0_3
sylpheed2 < 2.4.4_1

CVE-2007-2958
http://secunia.com/advisories/26550/
http://secunia.com/secunia_research/2007-70/advisory/