- Fix CVE-2020-10957: In Dovecot before 2.3.10.1, unauthenticated
sending of malformed parameters to a NOOP command causes a NULL
Pointer Dereference and crash in submission-login, submission, or
lmtp.
- Fix CVE-2020-10958: In Dovecot before 2.3.10.1, a crafted SMTP/LMTP
message triggers an unauthenticated use-after-free bug in
submission-login, submission, or lmtp, and can lead to a crash under
circumstances involving many newlines after a command.
- Fix CVE-2020-10967: In Dovecot before 2.3.10.1, remote
unauthenticated attackers can crash the lmtp or submission process by
sending mail with an empty localpart.
- Drop first patch (already in version) and so autoreconf
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
03fbb81b8b