summaryrefslogtreecommitdiff
path: root/mail/squirrelmail/patches/patch-ab
diff options
context:
space:
mode:
authortaca <taca@pkgsrc.org>2020-05-18 14:20:46 +0000
committertaca <taca@pkgsrc.org>2020-05-18 14:20:46 +0000
commit08b71586c9c958d027f70de5d8cef35edecd6e16 (patch)
treea02586618a0adbf43d3c45997ce4befd30ddcfda /mail/squirrelmail/patches/patch-ab
parent8b47e969cf90fac3e6e991cfc88460d7aab91336 (diff)
downloadpkgsrc-08b71586c9c958d027f70de5d8cef35edecd6e16.tar.gz
mail/dovecot2: update to 2.3.10.1
Update dovecot2 to 2.3.10.1. v2.3.10.1 2020-05-18 Aki Tuomi <aki.tuomi@open-xchange.com> - CVE-2020-10957: lmtp/submission: A client can crash the server by sending a NOOP command with an invalid string parameter. This occurs particularly for a parameter that doesn't start with a double quote. This applies to all SMTP services, including submission-login, which makes it possible to crash the submission service without authentication. - CVE-2020-10958: lmtp/submission: Sending many invalid or unknown commands can cause the server to access freed memory, which can lead to a server crash. This happens when the server closes the connection with a "421 Too many invalid commands" error. The bad command limit depends on the service (lmtp or submission) and varies between 10 to 20 bad commands. - CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an address that has the empty quoted string as local-part causes the lmtp service to crash.
Diffstat (limited to 'mail/squirrelmail/patches/patch-ab')
0 files changed, 0 insertions, 0 deletions