FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 10:45:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
cc4ce06b-e01c-11d9-a8bd-000cf18bbe54	p5-Mail-SpamAssassin -- denial of service vulnerability Apache SpamAssassin Security Team reports: Apache SpamAssassin 3.0.4 was recently released, and fixes a denial of service vulnerability in versions 3.0.1, 3.0.2, and 3.0.3. The vulnerability allows certain misformatted long message headers to cause spam checking to take a very long time. While the exploit has yet to be seen in the wild, we are concerned that there may be attempts to abuse the vulnerability in the future. Therefore, we strongly recommend all users of these versions upgrade to Apache SpamAssassin 3.0.4 as soon as possible. Discovery 2005-06-15 Entry 2005-06-18 p5-Mail-SpamAssassin ge 3.0.1 lt 3.0.4 CVE-2005-1266 http://mail-archives.apache.org/mod_mbox/spamassassin-announce/200506.mbox/%3c17072.35054.586017.822288@proton.pathname.com%3e
7f3fdef7-51d2-11da-8e93-0010dc4afb40	p5-Mail-SpamAssassin -- long message header denial of service A Secunia Advisory reports: A vulnerability has been reported in SpamAssassin, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to the use of an inefficient regular expression in "/SpamAssassin/Message.pm" to parse email headers. This can cause perl to crash when it runs out of stack space and can be exploited via a malicious email that contains a large number of recipients. Discovery 2005-11-10 Entry 2005-11-10 p5-Mail-SpamAssassin < 3.1.0 http://secunia.com/advisories/17386/ http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4570
8092b820-1d6f-11dc-a0b2-001921ab2fa4	p5-Mail-SpamAssassin -- local user symlink-attack DoS vulnerability SpamAssassin website reports: A local user symlink-attack DoS vulnerability in SpamAssassin has been found, affecting versions 3.1.x, 3.2.0, and SVN trunk. Discovery 2007-06-11 Entry 2007-06-18 p5-Mail-SpamAssassin < 3.2.1 http://spamassassin.apache.org/advisories/cve-2007-2873.txt CVE-2007-2873

VuXML ID

Description

cc4ce06b-e01c-11d9-a8bd-000cf18bbe54

p5-Mail-SpamAssassin -- denial of service vulnerability

Apache SpamAssassin Security Team reports:

Apache SpamAssassin 3.0.4 was recently released, and fixes a denial of service vulnerability in versions 3.0.1, 3.0.2, and 3.0.3. The vulnerability allows certain misformatted long message headers to cause spam checking to take a very long time.

While the exploit has yet to be seen in the wild, we are concerned that there may be attempts to abuse the vulnerability in the future. Therefore, we strongly recommend all users of these versions upgrade to Apache SpamAssassin 3.0.4 as soon as possible.

Discovery 2005-06-15
Entry 2005-06-18
p5-Mail-SpamAssassin

ge 3.0.1 lt 3.0.4

CVE-2005-1266
http://mail-archives.apache.org/mod_mbox/spamassassin-announce/200506.mbox/%3c17072.35054.586017.822288@proton.pathname.com%3e

7f3fdef7-51d2-11da-8e93-0010dc4afb40

p5-Mail-SpamAssassin -- long message header denial of service

A Secunia Advisory reports:

A vulnerability has been reported in SpamAssassin, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to the use of an inefficient regular expression in "/SpamAssassin/Message.pm" to parse email headers. This can cause perl to crash when it runs out of stack space and can be exploited via a malicious email that contains a large number of recipients.

Discovery 2005-11-10
Entry 2005-11-10
p5-Mail-SpamAssassin

< 3.1.0

http://secunia.com/advisories/17386/
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4570

8092b820-1d6f-11dc-a0b2-001921ab2fa4

p5-Mail-SpamAssassin -- local user symlink-attack DoS vulnerability

SpamAssassin website reports:

A local user symlink-attack DoS vulnerability in SpamAssassin has been found, affecting versions 3.1.x, 3.2.0, and SVN trunk.

Discovery 2007-06-11
Entry 2007-06-18
p5-Mail-SpamAssassin

< 3.2.1

http://spamassassin.apache.org/advisories/cve-2007-2873.txt
CVE-2007-2873