v2.3.5.1 released

2019-03-28 Thread Aki Tuomi via dovecot 
https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz.sig
Binary packages in https://repo.dovecot.org/

    * CVE-2019-7524: Missing input buffer size validation leads into
  arbitrary buffer overflow when reading fts or pop3 uidl header
  from Dovecot index. Exploiting this requires direct write access to
  the index files.

---
Aki Tuomi
Open-Xchange oy



signature.asc
Description: OpenPGP digital signature

Re: v2.3.5.1 released

2019-03-28 Thread Marcelo Coelho via dovecot 
Hi,

Why didn’t you apply this patch to v2.3.5.1?


commit df8addd41d87e61113de22a21a0e61506a8d74c2
Author: Stephan Bosch 
Date:   Tue Mar 12 03:18:33 2019 +0100

   submission-login: client-authenticate - Fix crash occurring when client 
disconnects during authentication.

diff --git a/src/submission-login/client-authenticate.c 
b/src/submission-login/client-authenticate.c
index 8b5422f833..6b70701a1a 100644
--- a/src/submission-login/client-authenticate.c
+++ b/src/submission-login/client-authenticate.c
@@ -98,6 +98,9 @@ void submission_client_auth_result(struct client *client,
   container_of(client, struct submission_client, common);
   struct smtp_server_cmd_ctx *cmd = subm_client->pending_auth;

+   if (subm_client->conn == NULL)
+   return;
+
   subm_client->pending_auth = NULL;
   i_assert(cmd != NULL);

diff --git a/src/submission-login/client.c b/src/submission-login/client.c
index 3e45e556c7..212afb92cf 100644
--- a/src/submission-login/client.c
+++ b/src/submission-login/client.c
@@ -212,6 +212,8 @@ static void client_connection_disconnect(void *context, 
const char *reason)
{
   struct submission_client *client = context;

+   client->pending_auth = NULL;
+   client->pending_starttls = NULL;
   client_disconnect(>common, reason);
}


> On 28 Mar 2019, at 08:41, Aki Tuomi via dovecot  wrote:
> 
> https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz
> https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz.sig
> Binary packages in https://repo.dovecot.org/
> 
> * CVE-2019-7524: Missing input buffer size validation leads into
>   arbitrary buffer overflow when reading fts or pop3 uidl header
>   from Dovecot index. Exploiting this requires direct write access to
>   the index files.
> 
> ---
> Aki Tuomi
> Open-Xchange oy
>

[Dovecot-news] v2.3.5.1 released

2019-03-28 Thread Aki Tuomi via Dovecot-news 
https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz.sig
Binary packages in https://repo.dovecot.org/

    * CVE-2019-7524: Missing input buffer size validation leads into
  arbitrary buffer overflow when reading fts or pop3 uidl header
  from Dovecot index. Exploiting this requires direct write access to
  the index files.

---
Aki Tuomi
Open-Xchange oy



signature.asc
Description: OpenPGP digital signature
___
Dovecot-news mailing list
Dovecot-news@dovecot.org
https://dovecot.org/mailman/listinfo/dovecot-news

Re: v2.3.5.1 released

2019-03-28 Thread Aki Tuomi via dovecot 
2.3.5.1 was only for releasing CVE. We have decided not to add
non-related fixes into patch releases containing CVE releases for clarity.

Aki

On 28.3.2019 13.57, Marcelo Coelho via dovecot wrote:
> Hi,
>
> Why didn’t you apply this patch to v2.3.5.1?
>
>
> commit df8addd41d87e61113de22a21a0e61506a8d74c2
> Author: Stephan Bosch 
> Date:   Tue Mar 12 03:18:33 2019 +0100
>
>submission-login: client-authenticate - Fix crash occurring when client 
> disconnects during authentication.
>
> diff --git a/src/submission-login/client-authenticate.c 
> b/src/submission-login/client-authenticate.c
> index 8b5422f833..6b70701a1a 100644
> --- a/src/submission-login/client-authenticate.c
> +++ b/src/submission-login/client-authenticate.c
> @@ -98,6 +98,9 @@ void submission_client_auth_result(struct client *client,
>container_of(client, struct submission_client, common);
>struct smtp_server_cmd_ctx *cmd = subm_client->pending_auth;
>
> +   if (subm_client->conn == NULL)
> +   return;
> +
>subm_client->pending_auth = NULL;
>i_assert(cmd != NULL);
>
> diff --git a/src/submission-login/client.c b/src/submission-login/client.c
> index 3e45e556c7..212afb92cf 100644
> --- a/src/submission-login/client.c
> +++ b/src/submission-login/client.c
> @@ -212,6 +212,8 @@ static void client_connection_disconnect(void *context, 
> const char *reason)
> {
>struct submission_client *client = context;
>
> +   client->pending_auth = NULL;
> +   client->pending_starttls = NULL;
>client_disconnect(>common, reason);
> }
>
>
>> On 28 Mar 2019, at 08:41, Aki Tuomi via dovecot  wrote:
>>
>> https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz
>> https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz.sig
>> Binary packages in https://repo.dovecot.org/
>>
>> * CVE-2019-7524: Missing input buffer size validation leads into
>>   arbitrary buffer overflow when reading fts or pop3 uidl header
>>   from Dovecot index. Exploiting this requires direct write access to
>>   the index files.
>>
>> ---
>> Aki Tuomi
>> Open-Xchange oy
>>