CVSROOT: /cvs Module name: ports Changes by: st...@cvs.openbsd.org 2020/05/19 05:47:29
Modified files: mail/dovecot : Tag: OPENBSD_6_6 Makefile Added files: mail/dovecot/patches: Tag: OPENBSD_6_6 patch-src_lib-smtp_smtp-address_c patch-src_lib-smtp_smtp-address_h patch-src_lib-smtp_smtp-server-cmd-noop_c patch-src_lib-smtp_smtp-server-cmd-vrfy_c patch-src_lib-smtp_smtp-server-command_c patch-src_lib-smtp_smtp-server-connection_c patch-src_lib-smtp_smtp-server-private_h patch-src_lib-smtp_smtp-syntax_c patch-src_lmtp_lmtp-commands_c Log message: Backport the diff between Dovecot 2.3.10 and 2.3.10.1 to 2.3.9 for 6.6-stable OK Brad DOV-3784, CVE-2020-10957: Sending malformed NOOP command causes crash in submission, submission-login or lmtp service. DOV-3875, CVE-2020-10958: Sending command followed by sufficient number of newlines triggers a use-after-free bug that might crash submission-login, submission or lmtp service. DOV-1745, CVE-2020-10967: Sending mail with empty quoted localpart causes submission or lmtp component to crash.