pkgsrc-Bugs archive
Re: pkg/59743 (mail/opensmtpd: CVE-2025-62875: OpenSMTPD: Trivial Local Denial-of-Service via UNIX Domain Socket)
The following reply was made to PR pkg/59743; it has been noted by GNATS.
From: Paolo Vincenzo Olivo <vins%netbsd.org@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: pkg-manager%netbsd.org@localhost, pkgsrc-bugs%netbsd.org@localhost, gnats-admin%netbsd.org@localhost,
wiz%NetBSD.org@localhost, rbranco%suse.de@localhost
Subject: Re: pkg/59743 (mail/opensmtpd: CVE-2025-62875: OpenSMTPD: Trivial
Local Denial-of-Service via UNIX Domain Socket)
Date: Sat, 8 Nov 2025 22:06:13 +0000
On 25/11/02 12:17AM, wiz%NetBSD.org@localhost wrote:
> Synopsis: mail/opensmtpd: CVE-2025-62875: OpenSMTPD: Trivial Local Denial-of-Service via UNIX Domain Socket
This is fixed by upstream commit #653abf0: "smtpd(8) can die if a
malformed imsg is sent on the local socket", [0] which is included in
7.8.0 [1], and documented in the initial disclosure [2].
On pkgsrc-trunk, mail/opensmtpd was updated to 7.8.0 on November the 2nd,
[3] and the pkgsrc-vulnerabilities list was updated to reflect the fact
that opensmtpd-7.7.0p0, found in pkgsrc-2025Q3, is the only version
known to be affected by this bug.[4]
[0] https://github.com/OpenSMTPD/OpenSMTPD/commit/653abf00f5283a2d3247eb9aabf8987d1b2f0510
[1] https://github.com/OpenSMTPD/OpenSMTPD/commit/4a44acf179f7ba85dd8341aa8c2f2748bb47f73a
[2] https://www.openwall.com/lists/oss-security/2025/10/31/3
[3] https://mail-index.netbsd.org/pkgsrc-changes/2025/11/02/msg333122.html
[4] https://mail-index.netbsd.org/pkgsrc-changes/2025/11/02/msg333094.html