v2.3.5.1 released

Aki Tuomi aki.tuomi at open-xchange.com
Thu Mar 28 14:16:52 EET 2019


2.3.5.1 was only for releasing CVE. We have decided not to add
non-related fixes into patch releases containing CVE releases for clarity.

Aki

On 28.3.2019 13.57, Marcelo Coelho via dovecot wrote:
> Hi,
>
> Why didn’t you apply this patch to v2.3.5.1?
>
>
> commit df8addd41d87e61113de22a21a0e61506a8d74c2
> Author: Stephan Bosch <stephan.bosch at dovecot.fi>
> Date:   Tue Mar 12 03:18:33 2019 +0100
>
>    submission-login: client-authenticate - Fix crash occurring when client disconnects during authentication.
>
> diff --git a/src/submission-login/client-authenticate.c b/src/submission-login/client-authenticate.c
> index 8b5422f833..6b70701a1a 100644
> --- a/src/submission-login/client-authenticate.c
> +++ b/src/submission-login/client-authenticate.c
> @@ -98,6 +98,9 @@ void submission_client_auth_result(struct client *client,
>                container_of(client, struct submission_client, common);
>        struct smtp_server_cmd_ctx *cmd = subm_client->pending_auth;
>
> +       if (subm_client->conn == NULL)
> +               return;
> +
>        subm_client->pending_auth = NULL;
>        i_assert(cmd != NULL);
>
> diff --git a/src/submission-login/client.c b/src/submission-login/client.c
> index 3e45e556c7..212afb92cf 100644
> --- a/src/submission-login/client.c
> +++ b/src/submission-login/client.c
> @@ -212,6 +212,8 @@ static void client_connection_disconnect(void *context, const char *reason)
> {
>        struct submission_client *client = context;
>
> +       client->pending_auth = NULL;
> +       client->pending_starttls = NULL;
>        client_disconnect(&client->common, reason);
> }
>
>
>> On 28 Mar 2019, at 08:41, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote:
>>
>> https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz
>> https://dovecot.org/releases/2.3/dovecot-2.3.5.1.tar.gz.sig
>> Binary packages in https://repo.dovecot.org/
>>
>>     * CVE-2019-7524: Missing input buffer size validation leads into
>>       arbitrary buffer overflow when reading fts or pop3 uidl header
>>       from Dovecot index. Exploiting this requires direct write access to
>>       the index files.
>>
>> ---
>> Aki Tuomi
>> Open-Xchange oy
>>


More information about the dovecot mailing list