1.11 was released on 21.03.21 with security fix: https://github.com/roehling/postsrsd/releases/tag/1.11

Reproducible: Always
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c2210c49a427dd15d93fd3635557ec9e1dbff1e

commit 1c2210c49a427dd15d93fd3635557ec9e1dbff1e
Author:     Dirkjan Ochtman <djc@gentoo.org>
AuthorDate: 2021-06-07 15:14:27 +0000
Commit:     Dirkjan Ochtman <djc@gentoo.org>
CommitDate: 2021-06-07 15:14:27 +0000

    mail-filter/postsrsd: version bump to 1.11 with security fix

    Bug: https://bugs.gentoo.org/793674
    Package-Manager: Portage-3.0.18, Repoman-3.0.2
    Signed-off-by: Dirkjan Ochtman <djc@gentoo.org>

 mail-filter/postsrsd/Manifest             |  1 +
 mail-filter/postsrsd/postsrsd-1.11.ebuild | 35 +++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
"SECURITY FIX: The subprocess that talks to Postfix could be caused to hang with a very long email address (see 077be98 for details, thanks to Mateusz Jończyk for the report). [Note: This bug seems only exploitable if Postfix is tricked into passing a whole list of addresses as single query to PostSRSd, such as it was observed in #37.]"
x86 done
amd64 done

all arches done
Please cleanup.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ace18e8c1379f3854c589153ba9029287c1bdbc7

commit ace18e8c1379f3854c589153ba9029287c1bdbc7
Author:     Dirkjan Ochtman <djc@gentoo.org>
AuthorDate: 2021-06-09 07:39:07 +0000
Commit:     Dirkjan Ochtman <djc@gentoo.org>
CommitDate: 2021-06-09 07:39:30 +0000

    mail-filter/postsrsd: clean up vulnerable version

    Bug: https://bugs.gentoo.org/show_bug.cgi?id=793674
    Package-Manager: Portage-3.0.18, Repoman-3.0.2
    Signed-off-by: Dirkjan Ochtman <djc@gentoo.org>

 mail-filter/postsrsd/Manifest             |  1 -
 mail-filter/postsrsd/postsrsd-1.10.ebuild | 35 -------------------------------
 2 files changed, 36 deletions(-)
Thank you!
Added to existing request
This issue was resolved and addressed in GLSA 202107-08 at https://security.gentoo.org/glsa/202107-08 by GLSA coordinator John Helmert III (ajak).