v2.3.5.1 released
https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz.sig Binary packages in https://repo.dovecot.org/ * CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index. Exploiting this requires direct write access to the index files. --- Aki Tuomi Open-Xchange oy signature.asc Description: OpenPGP digital signature
Re: v2.3.5.1 released
Hi, Why didn’t you apply this patch to v2.3.5.1? commit df8addd41d87e61113de22a21a0e61506a8d74c2 Author: Stephan Bosch Date: Tue Mar 12 03:18:33 2019 +0100 submission-login: client-authenticate - Fix crash occurring when client disconnects during authentication. diff --git a/src/submission-login/client-authenticate.c b/src/submission-login/client-authenticate.c index 8b5422f833..6b70701a1a 100644 --- a/src/submission-login/client-authenticate.c +++ b/src/submission-login/client-authenticate.c @@ -98,6 +98,9 @@ void submission_client_auth_result(struct client *client, container_of(client, struct submission_client, common); struct smtp_server_cmd_ctx *cmd = subm_client->pending_auth; + if (subm_client->conn == NULL) + return; + subm_client->pending_auth = NULL; i_assert(cmd != NULL); diff --git a/src/submission-login/client.c b/src/submission-login/client.c index 3e45e556c7..212afb92cf 100644 --- a/src/submission-login/client.c +++ b/src/submission-login/client.c @@ -212,6 +212,8 @@ static void client_connection_disconnect(void *context, const char *reason) { struct submission_client *client = context; + client->pending_auth = NULL; + client->pending_starttls = NULL; client_disconnect(>common, reason); } > On 28 Mar 2019, at 08:41, Aki Tuomi via dovecot wrote: > > https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz > https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz.sig > Binary packages in https://repo.dovecot.org/ > > * CVE-2019-7524: Missing input buffer size validation leads into > arbitrary buffer overflow when reading fts or pop3 uidl header > from Dovecot index. Exploiting this requires direct write access to > the index files. > > --- > Aki Tuomi > Open-Xchange oy >
[Dovecot-news] v2.3.5.1 released
https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz.sig Binary packages in https://repo.dovecot.org/ * CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index. Exploiting this requires direct write access to the index files. --- Aki Tuomi Open-Xchange oy signature.asc Description: OpenPGP digital signature ___ Dovecot-news mailing list Dovecot-news@dovecot.org https://dovecot.org/mailman/listinfo/dovecot-news
Re: v2.3.5.1 released
2.3.5.1 was only for releasing CVE. We have decided not to add non-related fixes into patch releases containing CVE releases for clarity. Aki On 28.3.2019 13.57, Marcelo Coelho via dovecot wrote: > Hi, > > Why didn’t you apply this patch to v2.3.5.1? > > > commit df8addd41d87e61113de22a21a0e61506a8d74c2 > Author: Stephan Bosch > Date: Tue Mar 12 03:18:33 2019 +0100 > >submission-login: client-authenticate - Fix crash occurring when client > disconnects during authentication. > > diff --git a/src/submission-login/client-authenticate.c > b/src/submission-login/client-authenticate.c > index 8b5422f833..6b70701a1a 100644 > --- a/src/submission-login/client-authenticate.c > +++ b/src/submission-login/client-authenticate.c > @@ -98,6 +98,9 @@ void submission_client_auth_result(struct client *client, >container_of(client, struct submission_client, common); >struct smtp_server_cmd_ctx *cmd = subm_client->pending_auth; > > + if (subm_client->conn == NULL) > + return; > + >subm_client->pending_auth = NULL; >i_assert(cmd != NULL); > > diff --git a/src/submission-login/client.c b/src/submission-login/client.c > index 3e45e556c7..212afb92cf 100644 > --- a/src/submission-login/client.c > +++ b/src/submission-login/client.c > @@ -212,6 +212,8 @@ static void client_connection_disconnect(void *context, > const char *reason) > { >struct submission_client *client = context; > > + client->pending_auth = NULL; > + client->pending_starttls = NULL; >client_disconnect(>common, reason); > } > > >> On 28 Mar 2019, at 08:41, Aki Tuomi via dovecot wrote: >> >> https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz >> https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz.sig >> Binary packages in https://repo.dovecot.org/ >> >> * CVE-2019-7524: Missing input buffer size validation leads into >> arbitrary buffer overflow when reading fts or pop3 uidl header >> from Dovecot index. Exploiting this requires direct write access to >> the index files. >> >> --- >> Aki Tuomi >> Open-Xchange oy >>