This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-25 11:22:49 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
| VuXML ID | Description |
|---|---|
| 14a6f516-502f-11e0-b448-bbfa2731f9c7 | postfix -- plaintext command injection with SMTP over TLS Wietse Venema has discovered a software flaw that allows an attacker to inject client commands into an SMTP session during the unprotected plaintext SMTP protocol phase, such that the server will execute those commands during the SMTP- over-TLS protocol phase when all communication is supposed to be protected. Discovery 2011-03-07 Entry 2011-03-19 postfix postfix-base ge 2.7.*,1 lt 2.7.3,1 ge 2.6.*,1 lt 2.6.9,1 ge 2.5.*,2 lt 2.5.12,2 ge 2.4.*,1 lt 2.4.16,1 postfix-current postfix-current-base < 2.9.20100120,4 CVE-2011-0411 http://www.postfix.org/CVE-2011-0411.html http://secunia.com/advisories/43646/ |
| 3eb2c100-738b-11e0-89f4-001e90d46635 | Postfix -- memory corruption vulnerability The Postfix SMTP server has a memory corruption error, when the Cyrus SASL library is used with authentication mechanisms other than PLAIN and LOGIN (ANONYMOUS is not affected, but should not be used for other reasons). This memory corruption is known to result in a program crash (SIGSEV). Discovery 2011-05-09 Entry 2011-05-09 postfix postfix-base ge 2.8.*,1 lt 2.8.3,1 ge 2.7.*,1 lt 2.7.4,1 ge 2.6.*,1 lt 2.6.10,1 ge 2.5.*,2 lt 2.5.13,2 le 2.4.16,1 postfix-current postfix-current-base < 2.9.20110501,4 CVE-2011-1720 http://www.postfix.org/CVE-2011-1720.html |