CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2021/02/22 11:58:00
Modified files:
mail/isync : Tag: OPENBSD_6_8 Makefile distinfo
mail/isync/patches: Tag: OPENBSD_6_8 patch-src_drv_imap_c
Log message:
Update to isync-1.3.5
Fixes CVE-2021-20247: reject funny mailbox names from IMAP LIST/LSUB in
particular, '..' in the name could be used to escape the Path/Inbox of a
Maildir Store, which could be exploited for stealing or deleting data,
or staging a (mild) DoS attack.
OK kn@ (maintainer)
