[Buildroot] [PATCH v2] package/dovecot: security bump to version 2.3.9.3
Peter Korsgaard
peter at korsgaard.com
Sat Feb 15 10:53:05 UTC 2020
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issues:
>
> - CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and
>   lmtp processes
>
>   lib-smtp doesn't handle truncated command parameters properly, resulting
>   in infinite loop taking 100% CPU for the process. This happens for LMTP
>   (where it doesn't matter so much) and also for submission-login where
>   unauthenticated users can trigger it.
>
> - CVE-2020-7957: Specially crafted mail can crash snippet generation
>
>   Snippet generation crashes if:
>   - message is large enough that message-parser returns multiple body
>     blocks
>   - The first block(s) don't contain the full snippet (e.g. full of
>     whitespace)
>   - input ends with '>'
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
> Changes since v1:
> - Fix subject
> - Drop unicode from commit text
Committed, thanks.
--
Bye, Peter Korsgaard