Page MenuHomeFreeBSD
Files F156770304

D32575.id97164.diff
No OneTemporary
Actions

D32575.id97164.diff
View Options

Index: security/vuxml/vuln-2021.xml
===================================================================
--- security/vuxml/vuln-2021.xml
+++ security/vuxml/vuln-2021.xml
@@ -1,3 +1,38 @@
+ <vuln vid="c848059a-318b-11ec-aa15-0800270512f4">
+ <topic>fail2ban -- possible RCE vulnerability in mailing action using mailutils</topic>
+ <affects>
+ <package>
+ <name>py36-fail2ban</name>
+ <name>py37-fail2ban</name>
+ <name>py38-fail2ban</name>
+ <name>py39-fail2ban</name>
+ <name>py310-fail2ban</name>
+ <range><lt>0.11.2_3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jakub Żoczek reports:</p>
+ <blockquote cite="https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm">
+ <p>
+ Command <code>mail</code> from mailutils package used in mail actions
+ like <code>mail-whois</code> can execute command if unescaped sequences
+ (<code>\n~</code>) are available in "foreign" input (for instance in
+ whois output).
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2021-32749</cvename>
+ <url>https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm</url>
+ </references>
+ <dates>
+ <discovery>2021-07-16</discovery>
+ <entry>2021-10-20</entry>
+ </dates>
+ </vuln>
+
<vuln vid="bdaecfad-3117-11ec-b3b0-3065ec8fd3ec">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>

File Metadata

Mime Type
text/plain
Expires
Sun, May 17, 5:47 AM (15 h, 4 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
33178499
Default Alt Text
D32575.id97164.diff (1 KB)

Event Timeline