CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2020/02/12 08:00:45
Modified files:
mail/dovecot : Makefile distinfo
Log message:
update to Dovecot 2.3.9.3, from Brad (maintainer).
CVE-2020-7046
lib-smtp doesn't handle truncated command parameters properly, resulting
in infinite loop taking 100% CPU for the process. This happens for LMTP
(where it doesn't matter so much) and also for submission-login where
unauthenticated users can trigger it.
CVE-2020-7957
Snippet generation crashes if:
- message is large enough that message-parser returns multiple body blocks
- The first block(s) don't contain the full snippet (e.g. full of whitespace)
- input ends with '>'
Sending specially crafted email can cause mailbox to have permanently
unaccessible mail, or the mail can be stuck in delivery.
