diff options
author | taca <taca@pkgsrc.org> | 2020-05-18 14:20:46 +0000 |
---|---|---|
committer | taca <taca@pkgsrc.org> | 2020-05-18 14:20:46 +0000 |
commit | 08b71586c9c958d027f70de5d8cef35edecd6e16 (patch) | |
tree | a02586618a0adbf43d3c45997ce4befd30ddcfda /mail/squirrelmail/patches/patch-ab | |
parent | 8b47e969cf90fac3e6e991cfc88460d7aab91336 (diff) | |
download | pkgsrc-08b71586c9c958d027f70de5d8cef35edecd6e16.tar.gz |
mail/dovecot2: update to 2.3.10.1
Update dovecot2 to 2.3.10.1.
v2.3.10.1 2020-05-18 Aki Tuomi <aki.tuomi@open-xchange.com>
- CVE-2020-10957: lmtp/submission: A client can crash the server by
sending a NOOP command with an invalid string parameter. This occurs
particularly for a parameter that doesn't start with a double quote.
This applies to all SMTP services, including submission-login, which
makes it possible to crash the submission service without
authentication.
- CVE-2020-10958: lmtp/submission: Sending many invalid or unknown
commands can cause the server to access freed memory, which can lead
to a server crash. This happens when the server closes the connection
with a "421 Too many invalid commands" error. The bad command limit
depends on the service (lmtp or submission) and varies between 10 to
20 bad commands.
- CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
address that has the empty quoted string as local-part causes the lmtp
service to crash.
Diffstat (limited to 'mail/squirrelmail/patches/patch-ab')
0 files changed, 0 insertions, 0 deletions