250535975d
Fixes the following security issues:
- CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and
lmtp processes
lib-smtp doesn't handle truncated command parameters properly, resulting
in infinite loop taking 100% CPU for the process. This happens for LMTP
(where it doesn't matter so much) and also for submission-login where
unauthenticated users can trigger it.
- CVE-2020-7957: Specially crafted mail can crash snippet generation
Snippet generation crashes if:
- message is large enough that message-parser returns multiple body
blocks
- The first block(s) don't contain the full snippet (e.g. full of
whitespace)
- input ends with '>'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
||
|---|---|---|
| .. | ||
| 0001-byteorder.h-fix-uclibc-build.patch | ||
| 0002-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch | ||
| Config.in | ||
| dovecot.hash | ||
| dovecot.mk | ||