Date: Mon, 11 May 2015 10:35:58 +0200 From: olli hauer <ohauer@gmx.de> To: Cristiano Deana <cristiano.deana@gmail.com>, FreeBSD Stable Mailing List <freebsd-stable@freebsd.org>, freebsd-security@freebsd.org, freebsd-ports@freebsd.org Subject: Re: Wrong security audit for mail/postfix ? Message-ID: <35A69C37-F4ED-4235-8491-5F66E355592F@gmx.de> In-Reply-To: <CAO82ECEyOzyHapBRKjrdrTobVfP5zjNGhX_uZn9Gfu7g7NzbOw@mail.gmail.com> References: <CAO82ECEyOzyHapBRKjrdrTobVfP5zjNGhX_uZn9Gfu7g7NzbOw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On May 11, 2015 9:38:46 AM CEST, Cristiano Deana <cristiano=2Edeana@gmail= =2Ecom> wrote: > Hi, >=20 > this morning I got for my mailservers >=20 > # pkg audit > postfix-2=2E11=2E4,1 is vulnerable: > postfix -- plaintext command injection with SMTP over TLS > CVE: CVE-2011-0411 > WWW: > http://vuxml=2EFreeBSD=2Eorg/freebsd/14a6f516-502f-11e0-b448-bbfa2731f9c= 7=2Ehtml >=20 > postfix-2=2E11=2E4,1 is vulnerable: > Postfix -- memory corruption vulnerability > CVE: CVE-2011-1720 > WWW: > http://vuxml=2EFreeBSD=2Eorg/freebsd/3eb2c100-738b-11e0-89f4-001e90d4663= 5=2Ehtml >=20 > But this is a bug from 2011, and it's blocking new install or updates > of postfix packages=2E >=20 > Who should be warned of this? >=20 > Thank you=2E Hi Cristiano, this should be fixed=2Emeanwhile=2E Please run the command=20 # pkg audit -F --=20 Regards, olli
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?35A69C37-F4ED-4235-8491-5F66E355592F>