Diffusion FreeBSD ports repository rP527062

MFH: r527012
rP527062
Actions

Description

MFH: r527012

mail/opensmtpd: update to 6.6.4p1 security releaase

SECURITY RELEASE

An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.

Approved by: ports-secteam (joneum)
Security: CVE-2020-8793, CVE-2020-8794

Details

Provenance

fluffy

Authored on

Parents

rP527061: MFH: r526973

Branches

Unknown

Tags

Unknown

Event Timeline

fluffy committed rP527062: MFH: r527012.Feb 25 2020, 3:22 AM

Changes (4)

Path

Size

branches/

2020Q1/

mail/

opensmtpd/

Makefile

distinfo

pkg-plist

rP527062

View Options

branches/2020Q1/

View Options

branches/2020Q1/mail/opensmtpd/Makefile

View Options

branches/2020Q1/mail/opensmtpd/distinfo

View Options

branches/2020Q1/mail/opensmtpd/pkg-plist

MFH: r527012rP527062Actions

Description

Details

Event Timeline

Changes (4)

rP527062

branches/2020Q1/

branches/2020Q1/mail/opensmtpd/Makefile

branches/2020Q1/mail/opensmtpd/distinfo

branches/2020Q1/mail/opensmtpd/pkg-plist

MFH: r527012
rP527062
Actions