pkgsrc-Bugs archive
Re: pkg/59743 (mail/opensmtpd: CVE-2025-62875: OpenSMTPD: Trivial Local Denial-of-Service via UNIX Domain Socket)
On 25/11/02 12:17AM, wiz%NetBSD.org@localhost wrote:
> Synopsis: mail/opensmtpd: CVE-2025-62875: OpenSMTPD: Trivial Local Denial-of-Service via UNIX Domain Socket
This is fixed by upstream commit #653abf0: "smtpd(8) can die if a
malformed imsg is sent on the local socket" [0], which is included in
7.8.0 [1], and documented in the initial disclosure [2].
On pkgsrc-trunk, mail/opensmtpd was updated to 7.8.0 on November the 2nd,
[3] and the pkgsrc-vulnerabilities list was updated to reflect the fact
that opensmtpd-7.7.0p0, found in pkgsrc-2025Q3, is the only version
known to be affected by this bug.[4]
[0] https://github.com/OpenSMTPD/OpenSMTPD/commit/653abf00f5283a2d3247eb9aabf8987d1b2f0510
[1] https://github.com/OpenSMTPD/OpenSMTPD/commit/4a44acf179f7ba85dd8341aa8c2f2748bb47f73a
[2] https://www.openwall.com/lists/oss-security/2025/10/31/3
[3] https://mail-index.netbsd.org/pkgsrc-changes/2025/11/02/msg333122.html
[4] https://mail-index.netbsd.org/pkgsrc-changes/2025/11/02/msg333094.html