oss-sec mailing list archives

Re: CVE requests: Critical vulnerabilities in OpenSMTPD

From: Arrigo Triulzi <arrigo () alchemistowl org>
Date: Fri, 2 Oct 2015 15:25:06 +0200

On Oct 2, 2015, at 15:22, Jason A. Donenfeld <Jason () zx2c4 com> wrote:

See this excerpt from the release notes below. Quite a few bugs. Looks
like at least one of them might invalidate the openbsd.org claim,
"Only two remote holes in the default install, in a heck of a long
time!”.


OpenSMTPD only listens on localhost in the default install.

Arrigo

Current thread:

CVE requests: Critical vulnerabilities in OpenSMTPD Jason A. Donenfeld (Oct 02)
- Re: CVE requests: Critical vulnerabilities in OpenSMTPD Arrigo Triulzi (Oct 02)
  - Re: CVE requests: Critical vulnerabilities in OpenSMTPD Jason A. Donenfeld (Oct 02)
    - Re: CVE requests: Critical vulnerabilities in OpenSMTPD Gilles Chehade (Oct 02)
- Re: CVE requests: Critical vulnerabilities in OpenSMTPD Gilles Chehade (Oct 02)