On Thu Jul 01, 2021 at 08:06:38AM +0000, Klemens Nanni wrote: > (portroach didn't show this...) > > This is a maintenance & security release. > > - fixed CVE-2021-3578: possible remote code execution > - fixed crash on invalid CAPABILITY response code > - tolerate INBOX mis-casing in Path setting > > https://seclists.org/oss-sec/2021/q2/185 > > Tested/working on amd64. > OK? > > > > Index: devel/quirks/Makefile > =================================================================== > RCS file: /cvs/ports/devel/quirks/Makefile,v > retrieving revision 1.1270 > diff -u -p -r1.1270 Makefile > --- devel/quirks/Makefile 20 Jun 2021 22:53:50 -0000 1.1270 > +++ devel/quirks/Makefile 1 Jul 2021 08:02:53 -0000 > @@ -5,7 +5,7 @@ CATEGORIES = devel databases > DISTFILES = > > # API.rev > -PKGNAME = quirks-4.23 > +PKGNAME = quirks-4.24 > PKG_ARCH = * > MAINTAINER = Marc Espie <es...@openbsd.org> > > Index: devel/quirks/files/Quirks.pm > =================================================================== > RCS file: /cvs/ports/devel/quirks/files/Quirks.pm,v > retrieving revision 1.1286 > diff -u -p -r1.1286 Quirks.pm > --- devel/quirks/files/Quirks.pm 20 Jun 2021 22:53:50 -0000 1.1286 > +++ devel/quirks/files/Quirks.pm 1 Jul 2021 08:03:43 -0000 > @@ -1405,7 +1405,7 @@ my $cve = { > 'lang/ruby/2.6,-main' => 'ruby->2.6,<2.6.2', > 'mail/dovecot,-server' => 'dovecot-<2.3.10.1', > 'mail/exim' => 'exim-<4.83', > - 'mail/isync' => 'isync-<1.3.5', > + 'mail/isync' => 'isync-<1.4.2', > 'mail/mailman' => 'mailman-<2.1.30', > 'mail/p5-Mail-SpamAssassin' => 'p5-Mail-SpamAssassin-<3.4.4', > 'mail/roundcubemail' => 'roundcubemail-<1.3.8',
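Review bot: in the Quirks.pm hunk, the new bound 'isync-<1.4.2' in the $cve hash is not backed by anything in the visible lines. The message names CVE-2021-3578 but never states which release carries the fix, and the diff shown touches only devel/quirks, not mail/isync. Confirm that 1.4.2 is the first fixed version, and commit this together with the port update so the bound never names a version that is not in the tree.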
IMHO, I have come to the conclusion that the CVE quirks section is a waste of time with no/little benefit. There is no consensus to maintain that. (I do not want to start a discussion ;)