Summary: | <mail-client/mailx-8.1.2.20160123: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | fweimer, net-mail+disabled |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2014/12/16/12 | ||
See Also: | https://github.com/gentoo/gentoo/pull/6710 | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: | =mail-client/mailx-8.1.2.20160123 | ||
Runtime testing required: | No |
Description
Agostino Sarubbo
2014-12-21 18:13:45 UTC
CVE-2004-2771 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-2771): The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

@ Maintainer(s): Please bump current upstream version 8.1.2-0.20160123cvs-3.

@Maintainers ping Gentoo Security Padawan ChrisADR

net-mail please review and merge https://github.com/gentoo/gentoo/pull/6710

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=660d273f56e614c8d601d001dcfc72527b7a530f

commit 660d273f56e614c8d601d001dcfc72527b7a530f
Author: Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2018-01-01 18:49:00 +0000
Commit: Anthony G. Basile <blueness@gentoo.org>
CommitDate: 2018-01-01 19:58:18 +0000

mail-client/mailx: drop vulnerable

Bug: https://bugs.gentoo.org/533208
Package-Manager: Portage-2.3.19, Repoman-2.3.6

mail-client/mailx/mailx-8.1.2.20050715-r7.ebuild | 58 ------------------------
1 file changed, 58 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5b1059c8e1dec352bf549be349bd8082623e8db

commit e5b1059c8e1dec352bf549be349bd8082623e8db
Author: Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2018-01-01 18:47:56 +0000
Commit: Anthony G. Basile <blueness@gentoo.org>
CommitDate: 2018-01-01 19:58:13 +0000

mail-client/mailx: version bump to 8.1.2.20160123

Closes: https://bugs.gentoo.org/485432
Closes: https://bugs.gentoo.org/554354
Bug: https://bugs.gentoo.org/533208
Package-Manager: Portage-2.3.19, Repoman-2.3.6

mail-client/mailx/Manifest | 2 +
mail-client/mailx/mailx-8.1.2.20160123.ebuild | 55 +++++++++++++++++++++++++++
2 files changed, 57 insertions(+)

ia64 stable

ppc/ppc64 stable

amd64 stable

x86 stable

Stable on alpha.

arm stable

New GLSA Request filed.

@hppa please finish stabilization. Thank you

This issue was resolved and addressed in GLSA 201804-06 at https://security.gentoo.org/glsa/201804-06 by GLSA coordinator Aaron Bauman (b-man).

re-opened for final arch and cleanup.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=651a166733627b5dd5145d4a788fc3645f2a371d

commit 651a166733627b5dd5145d4a788fc3645f2a371d
Author: Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-04-09 17:59:13 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-09 18:42:02 +0000

mail-client/mailx: stable 8.1.2.20160123 for hppa/sparc

Bug: https://bugs.gentoo.org/533208
Package-Manager: Portage-2.3.24, Repoman-2.3.6
RepoMan-Options: --include-arches="hppa sparc"

mail-client/mailx/mailx-8.1.2.20160123.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Some arches are still pending to stabilize

(In reply to Sergei Trofimovich from comment #7)
> ppc/ppc64 stable

Sergei, did you miss a push here?

ppc/ppc64 stable

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4958a02fad4303587c98a4025bf6c5c088e31226

commit 4958a02fad4303587c98a4025bf6c5c088e31226
Author: Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-05-26 14:08:58 +0000
Commit: Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-05-26 14:08:58 +0000

mail-client/mailx: drop vulnerable

Bug: https://bugs.gentoo.org/533208
Package-Manager: Portage-2.3.40, Repoman-2.3.9

mail-client/mailx/Manifest | 2 -
.../mailx/files/mailx-8.1.2.20050715-nostrip.patch | 22 -------
mail-client/mailx/mailx-8.1.2.20050715-r6.ebuild | 71 ----------------------
3 files changed, 95 deletions(-)