Overview
Request 807017 accepted
- update to 2.3.10.1 with security fixes for
* CVE-2020-10957: lmtp/submission: A client can crash the server by
sending a NOOP command with an invalid string parameter.
(boo#1171457)
* CVE-2020-10958: lmtp/submission: Sending many invalid or unknown
commands can cause the server to access freed memory, which can lead
to a server crash. (boo#1171458)
* CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
address that has the empty quoted string as local-part causes the
lmtp service to crash. (boo#1171456)
Request History
darix created request
- update to 2.3.10.1 with security fixes for
* CVE-2020-10957: lmtp/submission: A client can crash the server by
sending a NOOP command with an invalid string parameter.
(boo#1171457)
* CVE-2020-10958: lmtp/submission: Sending many invalid or unknown
commands can cause the server to access freed memory, which can lead
to a server crash. (boo#1171458)
* CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
address that has the empty quoted string as local-part causes the
lmtp service to crash. (boo#1171456)
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
namtrac accepted review
dimstar_suse added as a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:adi:96"
dimstar_suse accepted review
Picked "openSUSE:Factory:Staging:adi:96"
dimstar_suse accepted review
Staging Project openSUSE:Factory:Staging:adi:96 got accepted.
dimstar_suse approved review
Staging Project openSUSE:Factory:Staging:adi:96 got accepted.
dimstar_suse accepted request
Staging Project openSUSE:Factory:Staging:adi:96 got accepted.