Thursday, July 01, 2021

Re: isync/mbsync: security update to 1.4.2

On Thu Jul 01, 2021 at 08:06:38AM +0000, Klemens Nanni wrote:
> (portroach didn't show this...)
>
> This is a maintenance & security release.
>
> - fixed CVE-2021-3578: possible remote code execution
> - fixed crash on invalid CAPABILITY response code
> - tolerate INBOX mis-casing in Path setting
>
> https://seclists.org/oss-sec/2021/q2/185
>
> Tested/working on amd64.
> OK?
>
>
>
> Index: devel/quirks/Makefile
> ===================================================================
> RCS file: /cvs/ports/devel/quirks/Makefile,v
> retrieving revision 1.1270
> diff -u -p -r1.1270 Makefile
> --- devel/quirks/Makefile 20 Jun 2021 22:53:50 -0000 1.1270
> +++ devel/quirks/Makefile 1 Jul 2021 08:02:53 -0000
> @@ -5,7 +5,7 @@ CATEGORIES = devel databases
> DISTFILES =
>
> # API.rev
> -PKGNAME = quirks-4.23
> +PKGNAME = quirks-4.24
> PKG_ARCH = *
> MAINTAINER = Marc Espie <espie@openbsd.org>
>
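
Review bot: the PKGNAME bump to quirks-4.24 should be committed together with the Quirks.pm edit in the next hunk, since the new `isync-<1.4.2` bound only reaches users through the new quirks package version. The quoted diff contains only devel/quirks; no hunk for the mail/isync port is visible here, so the update to 1.4.2 named in the subject cannot be checked from this message.
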
> Index: devel/quirks/files/Quirks.pm
> ===================================================================
> RCS file: /cvs/ports/devel/quirks/files/Quirks.pm,v
> retrieving revision 1.1286
> diff -u -p -r1.1286 Quirks.pm
> --- devel/quirks/files/Quirks.pm 20 Jun 2021 22:53:50 -0000 1.1286
> +++ devel/quirks/files/Quirks.pm 1 Jul 2021 08:03:43 -0000
> @@ -1405,7 +1405,7 @@ my $cve = {
> 'lang/ruby/2.6,-main' => 'ruby->2.6,<2.6.2',
> 'mail/dovecot,-server' => 'dovecot-<2.3.10.1',
> 'mail/exim' => 'exim-<4.83',
> - 'mail/isync' => 'isync-<1.3.5',
> + 'mail/isync' => 'isync-<1.4.2',
> 'mail/mailman' => 'mailman-<2.1.30',
> 'mail/p5-Mail-SpamAssassin' => 'p5-Mail-SpamAssassin-<3.4.4',
> 'mail/roundcubemail' => 'roundcubemail-<1.3.8',
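
Review bot: the `'mail/isync'` line replaces the old bound `isync-<1.3.5` rather than adding a second entry, which is fine because `<1.4.2` covers everything the old bound did. The bound is exclusive, so confirm that the package produced by the updated port is named exactly isync-1.4.2 or higher and does not itself match `isync-<1.4.2`. The entry gives no indication of which CVE it tracks; the commit message should name CVE-2021-3578 so the reason for the change can be found later.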

IMHO, I have come to the conclusion that the CVE quirks section is a
waste of time with no/little benefit. There is no consensus to maintain
that. (I do not want to start a discussion ;)
