Next | Query returned 1 messages, browsing 1 to 10 | previous

History of commit frequency

CVS Commit History:


   2020-05-20 21:15:13 by Benny Siegert | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #6203 - requested by taca
mail/dovecot2: security fix

Revisions pulled up:
- mail/dovecot2/Makefile.common                                 1.40
- mail/dovecot2/distinfo                                        1.104

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon May 18 14:20:47 UTC 2020

   Modified Files:
   	pkgsrc/mail/dovecot2: Makefile.common distinfo
   	pkgsrc/mail/dovecot2-sqlite: Makefile

   Log message:
   mail/dovecot2: update to 2.3.10.1

   Update dovecot2 to 2.3.10.1.

   v2.3.10.1  2020-05-18  Aki Tuomi <aki.tuomi@open-xchange.com>

   - CVE-2020-10957: lmtp/submission: A client can crash the server by
     sending a NOOP command with an invalid string parameter. This occurs
     particularly for a parameter that doesn't start with a double quote.
     This applies to all SMTP services, including submission-login, which
     makes it possible to crash the submission service without
     authentication.
   - CVE-2020-10958: lmtp/submission: Sending many invalid or unknown
     commands can cause the server to access freed memory, which can lead
     to a server crash. This happens when the server closes the connection
     with a "421 Too many invalid commands" error. The bad command limit
     depends on the service (lmtp or submission) and varies between 10 to
     20 bad commands.
   - CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
     address that has the empty quoted string as local-part causes the lmtp
     service to crash.

Next | Query returned 1 messages, browsing 1 to 10 | previous