[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.5.10.html]
The following fixes address null pointer bugs and a memory leak that
have no potential for information loss or leaks, privilege escalation,
or denial of service.
Fixed in Postfix 3.4 and 3.5:
* Missing null pointer checks (introduced in Postfix 3.4) after
an internal I/O error during the smtp(8) to tlsproxy(8) handshake.
Found by Coverity, reported by Jaroslav Skarvada. Based on a
fix by Viktor Dukhovni.
Fixed in all supported Postfix releases:
* Null pointer bug (introduced in Postfix 3.0) and memory leak
(introduced in Postfix 3.4) after an inline: table syntax error
in main.cf or master.cf. Found by Coverity, reported by Jaroslav
Skarvada. Based on a fix by Viktor Dukhovni.
* Incomplete null pointer check (introduced: Postfix 2.10) after
truncated HaProxy version 1 handshake message. Found by Coverity,
reported by Jaroslav Skarvada. Fix by Viktor Dukhovni.
* Missing null pointer check (introduced: Postfix alpha) after
null argv[0] value.
You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.
Wietse
