authorJuergen Lock <nox@FreeBSD.org>2012-04-06 16:07:06 +0000
committerJuergen Lock <nox@FreeBSD.org>2012-04-06 16:07:06 +0000
commit2039acdad0aa90bdf14d56c3937f326ee71a82bf (patch)
tree73ff322c95e2d6f17dbe6dc4ad9e05f1584dbde4
parentc27f8ed8edf680cded462d2a596f54b179643c6c (diff)
Notes
-rw-r--r--mail/mutt-devel/Makefile2
-rw-r--r--mail/mutt-devel/files/patch-gnutls-CN-validation29
-rw-r--r--mail/mutt-devel/files/patch-nbsp22
-rw-r--r--security/vuxml/vuln.xml30
4 files changed, 82 insertions, 1 deletions
diff --git a/mail/mutt-devel/Makefile b/mail/mutt-devel/Makefile
index 843b64501794..e0b831193fb5 100644
--- a/mail/mutt-devel/Makefile
+++ b/mail/mutt-devel/Makefile
@@ -122,7 +122,7 @@
PORTNAME= mutt-devel
PORTVERSION= 1.5.21
-PORTREVISION?= 3
+PORTREVISION?= 4
CATEGORIES+= mail ipv6
.if defined(WITH_MUTT_NNTP)
CATEGORIES+= news
diff --git a/mail/mutt-devel/files/patch-gnutls-CN-validation b/mail/mutt-devel/files/patch-gnutls-CN-validation
new file mode 100644
index 000000000000..e19608b86571
--- /dev/null
+++ b/mail/mutt-devel/files/patch-gnutls-CN-validation
@@ -0,0 +1,29 @@
+--- mutt_ssl_gnutls.c.orig
++++ mutt_ssl_gnutls.c
+@@ -999,6 +999,7 @@
+ unsigned int cert_list_size = 0;
+ gnutls_certificate_status certstat;
+ int certerr, i, preauthrc, savedcert, rc = 0;
++ int rcpeer;
+
+ if (gnutls_auth_get_type (state) != GNUTLS_CRD_CERTIFICATE)
+ {
+@@ -1024,6 +1025,9 @@
+ for (i = 0; i < cert_list_size; i++) {
+ rc = tls_check_preauth(&cert_list[i], certstat, conn->account.host, i,
+ &certerr, &savedcert);
++ if (i == 0)
++ rcpeer = rc;
++
+ preauthrc += rc;
+
+ if (savedcert)
+@@ -1049,7 +1053,7 @@
+ dprint (1, (debugfile, "error trusting certificate %d: %d\n", i, rc));
+
+ certstat = tls_verify_peers (state);
+- if (!certstat)
++ if (!certstat && !rcpeer)
+ return 1;
+ }
+ }
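Review bot: `rcpeer` is declared without an initializer (`int rcpeer;`) and is assigned only inside the first loop when `i == 0`, yet it is read later in `if (!certstat && !rcpeer)`. If any path reaches that test without the loop body having run for the peer certificate, the value is indeterminate, and a stray zero would count as a passing result from `tls_check_preauth()` (the call that is given `conn->account.host`). Initialise it to a failing value so the test fails closed, and document what it holds: `int rcpeer = -1; /* tls_check_preauth() result for the peer (i == 0) certificate */`. The loop bounds and the rest of the function lie outside these hunks, so whether such a path exists today cannot be confirmed from here.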
diff --git a/mail/mutt-devel/files/patch-nbsp b/mail/mutt-devel/files/patch-nbsp
new file mode 100644
index 000000000000..e996a05d1ea0
--- /dev/null
+++ b/mail/mutt-devel/files/patch-nbsp
@@ -0,0 +1,22 @@
+diff --git a/pager.c b/pager.c
+--- pager.c
++++ pager.c
+@@ -1187,10 +1187,17 @@
+ last_special = special;
+ }
+
+- if (IsWPrint (wc))
++ if (IsWPrint (wc) || (Charset_is_utf8 && wc == 0x00A0))
+ {
+ if (wc == ' ')
+ space = ch;
++ else if (Charset_is_utf8 && wc == 0x00A0)
++ {
++ /* Convert non-breaking space to normal space. The local variable
++ * `space' is not set here so that the caller of this function won't
++ * attempt to wrap at this character. */
++ wc = ' ';
++ }
+ t = wcwidth (wc);
+ if (col + t > wrap_cols)
+ break;
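Review bot: The test `Charset_is_utf8 && wc == 0x00A0` is written twice, once in the outer `if` and again in the `else if`, so the two copies can drift apart if only one is edited later. Evaluate it once into a local flag before the `if`, for example `is_nbsp = Charset_is_utf8 && wc == 0x00A0;`, then use `if (IsWPrint (wc) || is_nbsp)` and `else if (is_nbsp)`. Naming the flag also removes the repeated bare `0x00A0` constant. The enclosing function begins and ends outside the hunk, so the flag's declaration belongs with the other locals, which are not visible here.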
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 7c9ca9a62242..0079df628231 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -52,6 +52,36 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="49314321-7fd4-11e1-9582-001b2134ef46">
+ <topic>mutt-devel -- failure to check SMTP TLS server certificate</topic>
+ <affects>
+ <package>
+ <name>mutt-devel</name>
+ <range><lt>1.5.21_4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Dave B reports on Full Disclosure:</p>
+ <blockquote cite="http://seclists.org/fulldisclosure/2011/Mar/87">
+ <p>It seems that mutt fails to check the validity of a SMTP
+ servers certificate during a TLS connection. [...]
+ This means that an attacker could potentially MITM a
+ mutt user connecting to their SMTP server even when the
+ user has forced a TLS connection.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2011-1429</cvename>
+ <url>http://seclists.org/fulldisclosure/2011/Mar/87</url>
+ </references>
+ <dates>
+ <discovery>2012-03-08</discovery>
+ <entry>2012-04-06</entry>
+ </dates>
+ </vuln>
+
<vuln vid="057130e6-7f61-11e1-8a43-00262d5ed8ee">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>