curl: SMTP Command Injection via CRLF in libcurl MAIL_FROM / MAIL_RCPT (lib/smtp.c)

Summary libcurl’s SMTP implementation fails to properly sanitize CRLF sequences in user-controlled inputs passed via CURLOPTMAILFROM and CURLOPTMAILRCPT. The function smtpparseaddress lib/smtp.c:277 extracts any data following the closing character as a raw suffix and incorporates it directly int...

Mozilla: S/MIME signature accepted despite mismatching message date

The Mozilla Foundation Security Advisory: The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despi...

CentOS 4 : vixie-cron (CESA-2005:361)

An updated vixie-cron package that fixes various bugs and a security issue is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specifie...

CVE-2010-0525

Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly...