FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  517534
Date:      2019-11-13
Time:      23:45:36Z
Committer: sunpoet

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
b4f0ad36-94a5-11e8-9007-080027ac955cmailman -- content spoofing with invalid list names in web UI

Mark Sapiro reports:

A URL with a very long text listname such as

http://www.example.com/mailman/listinfo/This_is_a_long_string_with_some_phishing_text

will echo the text in the "No such list" error response. This can be used to make a potential victim think the phishing text comes from a trusted site.

This issue was discovered by Hammad Qureshi.


Discovery 2018-07-09
Entry 2018-07-31
mailman
lt 2.1.28

mailman-with-htdig
lt 2.1.28

ja-mailman
lt 2.1.14.j7_6,1

https://bugs.launchpad.net/mailman/+bug/1780874
https://mail.python.org/pipermail/mailman-announce/2018-July/000241.html
CVE-2018-13796