Source: postsrsd
Version: 1.10-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for postsrsd.

CVE-2021-35525[0]:
| PostSRSd before 1.11 allows a denial of service (subprocess hang) if
| Postfix sends certain long data fields such as multiple concatenated
| email addresses. NOTE: the PostSRSd maintainer acknowledges
| "theoretically, this error should never occur ... I'm not sure if
| there's a reliable way to trigger this condition by an external
| attacker, but it is a security bug in PostSRSd nevertheless."


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-35525
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35525
[1] https://github.com/roehling/postsrsd/commit/077be98d8c8a9847e4ae0c7dc09e7474cbe27db2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
