diff options
| author | Beech Rintoul <beech@FreeBSD.org> | 2008-03-10 02:09:01 +0000 |
|---|---|---|
| committer | Beech Rintoul <beech@FreeBSD.org> | 2008-03-10 02:09:01 +0000 |
| commit | 94eddc3d8d03178d8f35f854eeca0be564ca5859 (patch) | |
| tree | e159541ca5e0f54d54b392f7e79acfdf6a290b3e /security | |
| parent | 71b0d95269e7789968e0ca05d93ac54f4d451ef0 (diff) | |
| download | ports-94eddc3d8d03178d8f35f854eeca0be564ca5859.tar.gz ports-94eddc3d8d03178d8f35f854eeca0be564ca5859.zip | |
Notes
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 3fda0c1ca827..6f7155521540 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,36 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="b39bdc06-ee42-11dc-8678-00a0cce0781e"> + <topic>dovecot -- security hole in blocking passdbs </topic> + <affects> + <package> + <name>dovecot</name> + <range><lt>1.0.13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Dovecot reports:</p> + <blockquote cite="http://dovecot.org/list/dovecot-news/2008-March/000065.html"> + <p>Security hole in blocking passdbs (MySQL always. PAM, passwd + and shadow if blocking=yes) where user could specify extra + fields in the password. The main problem here is when specifying + "skip_password_check" introduced in v1.0.11 for fixing master user + logins, allowing the user to log in as anyone without a valid password. + </p> + </blockquote> + </body> + </description> + <references> + <url>http://dovecot.org/list/dovecot-news/2008-March/000065.html</url> + </references> + <dates> + <discovery>2008-03-09</discovery> + <entry>2008-03-10</entry> + </dates> + </vuln> + <vuln vid="de4d4110-ebce-11dc-ae14-0016179b2dd5"> <topic>mplayer -- multiple vulnerabilities</topic> <affects> |