CVSROOT: /cvs Module name: ports Changes by: [email protected] 2021/02/22 11:50:53
Modified files:
mail/isync : Makefile distinfo
mail/isync/patches: patch-src_drv_imap_c
Log message:
Update to isync-1.3.5
Fixes CVE-2021-20247: reject funny mailbox names from IMAP LIST/LSUB in
particular, '..' in the name could be used to escape the Path/Inbox of a
Maildir Store, which could be exploited for stealing or deleting data,
or staging a (mild) DoS attack.
OK kn@ (maintainer)
