FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
bd98066d-4ea4-11eb-b412-e86a64caca56mail/dovecot -- multiple vulnerabilities

Aki Tuomi reports:

When imap hibernation is active, an attacker can cause Dovecot to discover file system directory structure and access other users' emails using specially crafted command. The attacker must have valid credentials to access the mail server.

Mail delivery / parsing crashed when the 10 000th MIME part was message/rfc822 (or if parent was multipart/digest). This happened due to earlier MIME parsing changes for CVE-2020-12100.


Discovery 2020-08-17
Entry 2021-01-04
dovecot
< 2.3.13

https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html
CVE-2020-24386
CVE-2020-25275