diff options
| author | bdrewery <bdrewery@FreeBSD.org> | 2013-04-15 20:28:58 +0800 |
|---|---|---|
| committer | bdrewery <bdrewery@FreeBSD.org> | 2013-04-15 20:28:58 +0800 |
| commit | 44fd9431a7cc188ace0b0b9ceca9e8faa0957acb (patch) | |
| tree | ff9a3379f838aeb7f471dc6acc2880c5cccc96c1 /security/vuxml | |
| parent | c874e2d39aaf50e085b042a2a684fda5adf79208 (diff) | |
| download | freebsd-ports-gnome-44fd9431a7cc188ace0b0b9ceca9e8faa0957acb.tar.gz freebsd-ports-gnome-44fd9431a7cc188ace0b0b9ceca9e8faa0957acb.tar.zst freebsd-ports-gnome-44fd9431a7cc188ace0b0b9ceca9e8faa0957acb.zip | |
- Update to 0.85
- Convert to new options framework
sieve-connect was not actually verifying TLS certificate identities matched
the expected hostname. Changes with new version:
Fix TLS verification; find server by own hostname & SRV.
* TLS hostname verification was not actually happening.
* IO::Socket::SSL requirement bumped to 1.14 (was 0.97).
* By default, if no server specified, before falling back to localhost try to
use the current hostname and SRV records in DNS to figure out if Sieve is
available. Checks for sieve, imaps & imap protocol SRV records and honours
target==. to mean "no".
* This works better with the Mozilla::PublicSuffix module installed.
* Added ability to blacklist authentication mechanisms
More info:
http://mail.globnix.net/pipermail/sieve-connect-announce/2013/000005.html
PR: ports/177859
Submitted by: "Alexey V. Degtyarev" <alexey@renatasystems.org> (maintainer)
Approved by: portmgr (implicit)
Security: a2ff483f-a5c6-11e2-9601-000d601460a4
Diffstat (limited to 'security/vuxml')
| -rw-r--r-- | security/vuxml/vuln.xml | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 6accd13dfd78..d020151e3c7e 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,32 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="a2ff483f-a5c6-11e2-9601-000d601460a4"> + <topic>sieve-connect -- TLS hostname verification was not occurring</topic> + <affects> + <package> + <name>sieve-connect</name> + <range><lt>0.85</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>sieve-connect developer Phil Pennock reports:</p> + <blockquote cite="http://mail.globnix.net/pipermail/sieve-connect-announce/2013/000005.html"> + <p>sieve-connect was not actually verifying TLS certificate identities + matched the expected hostname.</p> + </blockquote> + </body> + </description> + <references> + <url>http://mail.globnix.net/pipermail/sieve-connect-announce/2013/000005.html</url> + </references> + <dates> + <discovery>2013-04-14</discovery> + <entry>2013-04-15</entry> + </dates> + </vuln> + <vuln vid="15236023-a21b-11e2-a460-208984377b34"> <topic>linux-flashplugin -- multiple vulnerabilities</topic> <affects> |