Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML). The current VuXML document that serves as the source for the content of this site can be found:

Please report security issues to the FreeBSD Security Team at . Full contact details, including information handling policies and PGP key, can be found on the FreeBSD Security page.


Entered Topic
2012-08-30 fetchmail -- chosen plaintext attack against SSL CBC initialization vectors
2012-08-14 fetchmail -- two vulnerabilities in NTLM authentication
2011-06-06 fetchmail -- STARTTLS denial of service
2010-04-20 fetchmail -- denial of service vulnerability
2010-02-12 fetchmail -- heap overflow on verbose X.509 display
2009-08-11 fetchmail -- improper SSL certificate subject verification
2008-07-01 fetchmail -- potential crash in -v -v verbose mode (revised patch)
2008-06-20 fetchmail -- potential crash in -v -v verbose mode
2007-09-02 fetchmail -- denial of service on reject of local warning message
2007-04-09 fetchmail -- insecure APOP authentication
2007-01-06 fetchmail -- crashes when refusing a message bound for an MDA
fetchmail -- TLS enforcement problem/MITM attack/password exposure
2006-01-23 fetchmail -- crash when bouncing a message
2005-12-19 fetchmail -- null pointer dereference in multidrop mode with headerless email
2005-10-30 fetchmail -- fetchmailconf local password exposure
2005-07-22 fetchmail -- denial of service/crash from malicious POP3 server
2005-07-20 fetchmail -- remote root/code injection from malicious POP3 server
2004-02-25 fetchmail -- denial-of-service vulnerability
2003-10-25 fetchmail -- address parsing vulnerability