CVSROOT: /cvs Module name: ports Changes by: b...@cvs.openbsd.org 2021/02/22 11:58:00
Modified files: mail/isync : Tag: OPENBSD_6_8 Makefile distinfo mail/isync/patches: Tag: OPENBSD_6_8 patch-src_drv_imap_c Log message: Update to isync-1.3.5 Fixes CVE-2021-20247: reject funny mailbox names from IMAP LIST/LSUB in particular, '..' in the name could be used to escape the Path/Inbox of a Maildir Store, which could be exploited for stealing or deleting data, or staging a (mild) DoS attack. OK kn@ (maintainer)