CVSROOT: /cvs
Module name: ports
Changes by: st...@cvs.openbsd.org 2020/05/19 05:47:29
Modified files:
mail/dovecot : Tag: OPENBSD_6_6 Makefile
Added files:
mail/dovecot/patches: Tag: OPENBSD_6_6
patch-src_lib-smtp_smtp-address_c
patch-src_lib-smtp_smtp-address_h
patch-src_lib-smtp_smtp-server-cmd-noop_c
patch-src_lib-smtp_smtp-server-cmd-vrfy_c
patch-src_lib-smtp_smtp-server-command_c
patch-src_lib-smtp_smtp-server-connection_c
patch-src_lib-smtp_smtp-server-private_h
patch-src_lib-smtp_smtp-syntax_c
patch-src_lmtp_lmtp-commands_c
Log message:
Backport the diff between Dovecot 2.3.10 and 2.3.10.1 to 2.3.9 for 6.6-stable
OK Brad
DOV-3784, CVE-2020-10957: Sending malformed NOOP command causes
crash in submission, submission-login or lmtp service.
DOV-3875, CVE-2020-10958: Sending command followed by sufficient
number of newlines triggers a use-after-free bug that might crash
submission-login, submission or lmtp service.
DOV-1745, CVE-2020-10967: Sending mail with empty quoted localpart
causes submission or lmtp component to crash.
