[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.5.6.html]
NOTE: This addresses a new problem in Postfix 3.5.5, 3.4.15, 3.3.13,
3.2.18, which were released two days earlier but not announced.
Fixed in Postfix versions 3.5.6, 3.4.16, 3.3.14, 3.2.19:
* One fix for memory leaks in the Postfix TLS library was back-ported
to the wrong place, resulting in undefined program behavior.
Fixed in Postfix versions 3.5.6, 3.4.16:
* The workaround for allowed TLS protocol versions did not explictly
override the system-wide OpenSSL configuration, for sessions
where the remote SMTP client sends SNI. It's better to be safe
than sorry.
You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.
Wietse
