CVS: cvs.openbsd.org: ports

Stuart Henderson Tue, 19 May 2020 04:48:19 -0700

CVSROOT:        /cvs
Module name:    ports
Changes by:     [email protected]   2020/05/19 05:47:29


Modified files:
        mail/dovecot   : Tag: OPENBSD_6_6 Makefile 
Added files:
        mail/dovecot/patches: Tag: OPENBSD_6_6 
                              patch-src_lib-smtp_smtp-address_c 
                              patch-src_lib-smtp_smtp-address_h 
                              patch-src_lib-smtp_smtp-server-cmd-noop_c 
                              patch-src_lib-smtp_smtp-server-cmd-vrfy_c 
                              patch-src_lib-smtp_smtp-server-command_c 
                              patch-src_lib-smtp_smtp-server-connection_c 
                              patch-src_lib-smtp_smtp-server-private_h 
                              patch-src_lib-smtp_smtp-syntax_c 
                              patch-src_lmtp_lmtp-commands_c 

Log message:
Backport the diff between Dovecot 2.3.10 and 2.3.10.1 to 2.3.9 for 6.6-stable
OK Brad

DOV-3784, CVE-2020-10957: Sending malformed NOOP command causes
crash in submission, submission-login or lmtp service.

DOV-3875, CVE-2020-10958: Sending command followed by sufficient
number of newlines triggers a use-after-free bug that might crash
submission-login, submission or lmtp service.

DOV-1745, CVE-2020-10967: Sending mail with empty quoted localpart
causes submission or lmtp component to crash.

CVS: cvs.openbsd.org: ports

Reply via email to