OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.
version 6.0.3_p1-r3 in tree
Cleanup was done 3 days ago:
Author: Jason A. Donenfeld <firstname.lastname@example.org>
Date: Sat Mar 7 08:30:24 2020 +0800
mail-mta/opensmtpd: remove ancient ~6.0.3_p1 version
Package-Manager: Portage-2.3.88, Repoman-2.3.20
Signed-off-by: Jason A. Donenfeld <email@example.com>