mirror of
https://git.busybox.net/buildroot.git
synced 2024-12-05 03:13:41 +08:00
250535975d
Fixes the following security issues: - CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and lmtp processes lib-smtp doesn't handle truncated command parameters properly, resulting in infinite loop taking 100% CPU for the process. This happens for LMTP (where it doesn't matter so much) and also for submission-login where unauthenticated users can trigger it. - CVE-2020-7957: Specially crafted mail can crash snippet generation Snippet generation crashes if: - message is large enough that message-parser returns multiple body blocks - The first block(s) don't contain the full snippet (e.g. full of whitespace) - input ends with '>' Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
||
---|---|---|
.. | ||
0001-byteorder.h-fix-uclibc-build.patch | ||
0002-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch | ||
Config.in | ||
dovecot.hash | ||
dovecot.mk |