Multiple issues allow crashing daemons or cause memory corruption.
@maintainer(s), please bump to 220.127.116.11.
- CVE-2020-10957: lmtp/submission: A client can crash the server by
sending a NOOP command with an invalid string parameter. This occurs
particularly for a parameter that doesn't start with a double quote.
This applies to all SMTP services, including submission-login, which
makes it possible to crash the submission service without
- CVE-2020-10958: lmtp/submission: Sending many invalid or unknown
commands can cause the server to access freed memory, which can lead
to a server crash. This happens when the server closes the connection
with a "421 Too many invalid commands" error. The bad command limit
depends on the service (lmtp or submission) and varies between 10 to
20 bad commands.
- CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
address that has the empty quoted string as local-part causes the
lmtp service to crash.
The bug has been referenced in the following commit(s):
Author: Eray Aslan <firstname.lastname@example.org>
AuthorDate: 2020-05-20 08:05:38 +0000
Commit: Eray Aslan <email@example.com>
CommitDate: 2020-05-20 08:06:36 +0000
net-mail/dovecot: security bump to 18.104.22.168
and fix automagic dependency on libunwind
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Eray Aslan <firstname.lastname@example.org>
net-mail/dovecot/Manifest | 1 +
net-mail/dovecot/dovecot-22.214.171.124.ebuild | 288 +++++++++++++++++++++++++++++++
2 files changed, 289 insertions(+)
Arches, please test and mark stable
Target Keywords = ~alpha amd64 arm hppa ~ia64 ~mips ppc ppc64 s390 ~sparc x86
(In reply to Eray Aslan from comment #4)
> Arches, please test and mark stable
~hppa is ok
Sanity check failed:
> depend hppa stable profile default/linux/hppa/17.0 (3 total)
> rdepend hppa stable profile default/linux/hppa/17.0 (3 total)
All sanity-check issues have been resolved
GLSA Vote: No