CVE-2020-8793

OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8793
https://nvd.nist.gov/vuln/detail/CVE-2020-8793

CVE-2020-8794

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8794
https://nvd.nist.gov/vuln/detail/CVE-2020-8794

version 6.0.3_p1-r3 in tree

Cleanup was done 3 days ago:

commit ea5bd9d4206b4e0c2c75a03337509e0d6d72ef51
Author: Jason A. Donenfeld <zx2c4@gentoo.org>
Date:   Sat Mar 7 08:30:24 2020 +0800

    mail-mta/opensmtpd: remove ancient ~6.0.3_p1 version

    Closes: https://bugs.gentoo.org/710754
    Package-Manager: Portage-2.3.88, Repoman-2.3.20
    Signed-off-by: Jason A. Donenfeld <zx2c4@gentoo.org>